Overview
- The FBI issued a public warning that dozens of spoof FIFA domains are active and security firms are identifying and seeking takedowns of new copycat ticket and hospitality sites.
- Researchers report large-scale fraud networks and more than 300 phishing pages operated by a group nicknamed Ghost Stadium that clone FIFA login screens to harvest accounts.
- Pirated streaming apps and malicious Android installers are distributing banking trojans and keystroke malware that capture logins and payment data from viewers seeking live matches.
- Some scam setups use fake checkout flows and an unauthorized payment panel to capture one‑time passwords as victims type them, allowing attackers to hijack bank and ticket accounts.
- Experts warn reliance on third‑party ticketing, transport and hotel technology raises the chance of cascading service outages, and local authorities are pairing takedowns with broader public‑safety and trafficking investigations.