Overview
- Security researchers and firms report active, multi‑vector campaigns that use spoofed FIFA ticket sites, fake hotel and betting pages, social‑media lures, and illegal streaming apps to steal money and login data.
- A large‑scale measurement by zLabs found thousands of World Cup–related domain registrations and reported hundreds of thousands of compromised credentials tied to these scam pages.
- Researchers identified a phishing cluster called 'Ghost Stadium' operating hundreds of pages that mimic FIFA’s login flow and sometimes load assets from official servers to appear genuine.
- Malicious Android streaming apps and pirated streams have been linked to banking trojans such as Massiv and BTMOB that capture keystrokes and banking details from victims.
- Law enforcement, platforms and security firms are issuing warnings and practical advice — buy only from fifa.com or vetted resellers, enable two‑factor authentication, verify URLs, avoid unsolicited links, and prepare vendor contingency plans to reduce disruption risk.
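
A defensive check that follows from the 'Ghost Stadium' point above, that phishing pages load assets from official servers: whoever runs those servers can look for asset requests whose Referer is not an official host. This is an added example, not code from zLabs or the researchers cited; the combined log format, sample lines, asset paths and every hostname other than fifa.com are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

OFFICIAL = "fifa.com"  # official domain named in the advice above

# Constructed access-log lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Jun/2026:10:00:01 +0000] "GET /static/login.css HTTP/1.1" 200 5120 "https://www.fifa.com/login" "Mozilla/5.0"
203.0.113.9 - - [01/Jun/2026:10:00:02 +0000] "GET /static/login.css HTTP/1.1" 200 5120 "https://fifa.com.tickets-example.test/login" "Mozilla/5.0"
203.0.113.9 - - [01/Jun/2026:10:00:02 +0000] "GET /static/logo.svg HTTP/1.1" 200 900 "https://fifa.com.tickets-example.test/login" "Mozilla/5.0"
198.51.100.4 - - [01/Jun/2026:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
198.51.100.8 - - [01/Jun/2026:10:00:09 +0000] "GET /static/app.js?v=3 HTTP/1.1" 200 7000 "https://www.fifa.com@login-example.test/" "Mozilla/5.0"
198.51.100.8 - - [01/Jun/2026:10:00:10 +0000] "GET /login HTTP/1.1" 200 300 "https://fifa.com.tickets-example.test/" "Mozilla/5.0"
'''

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
# Static assets a cloned login page would typically hotlink.
ASSET_RE = re.compile(r"\.(?:css|js|png|svg|woff2?)(?:\?|$)")


def is_official(host):
    """True only for the official domain or a real subdomain of it."""
    host = host.rstrip(".").lower()
    return host == OFFICIAL or host.endswith("." + OFFICIAL)


def foreign_referrers(log_text):
    """Map each non-official Referer host to the official assets it pulled."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not ASSET_RE.search(m["path"]):
            continue
        # urlsplit ignores any userinfo before '@'; hostname is None for "-".
        host = urlsplit(m["referer"]).hostname
        if host and not is_official(host):
            hits[host].add(m["path"])
    return {h: sorted(paths) for h, paths in hits.items()}


if __name__ == "__main__":
    for host, paths in foreign_referrers(SAMPLE_LOG).items():
        print(host, paths)
```

A phishing page can suppress the Referer header with a restrictive Referrer-Policy, so an empty result does not rule out cloned pages; hits are leads for takedown and blocklisting, not a complete inventory.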