FIFA World Cup 2026: Hackers Target Fans With Fake Ticket Scams

Post Views: 8

Security researchers have identified a coordinated effort by malicious actors to deceive football enthusiasts during the FIFA World Cup 2026 through deceptive online tactics.

Phishing Initiative by Forcepoint X-Labs

A team of analysts from Forcepoint X-Labs, led by Prashant Kumar, reported observing a widespread phishing initiative tied to the tournament.

The operation involves over 100 malicious domains, with three primary scam categories identified. The most prominent tactic involves directing users to unauthorized gambling platforms disguised as legitimate services. Domains such as cn-web-fifacwc.com and zone-2026fifa.com are used to lure visitors with promises of guaranteed betting rewards. These sites, while displaying Chinese-language content, are tailored for international audiences in regions including France, Africa, and Asia.

Unauthorized Gambling Platforms

Upon interaction, users are redirected to pages designed to capture login credentials. Another component of the scheme focuses on fake hotel reservations. Researchers found 14 domains mimicking official booking services for cities hosting matches, such as Dallas, Miami, and New York. These sites follow a template structure like fifaworldcup2026cityhotels.com and are configured to steal banking information.

Fake Hotel Reservations

Additional analysis by CloudSEK and Netcraft revealed that the infrastructure is linked to threat actors based in China. The attackers utilize an unapproved payment processing system called tbpay.uk to facilitate transactions. To enhance credibility, they integrate a legitimate live chat service, tawk.to, to engage with potential victims.

Deceptive Ticket Purchasing Portals

A third method involves deceptive ticket purchasing portals. Domains such as ww-fifa.com host counterfeit checkout pages that mimic genuine transaction interfaces. Unlike traditional fraud schemes, these sites employ real-time monitoring to track user activity during checkout. When banks send one-time passwords (OTPs) via SMS for verification, the malware embedded in the site intercepts these codes, allowing attackers to bypass security measures and gain full control of victim accounts.

Threat Actors and Infrastructure

Security firms have confirmed that malicious domains are being actively blocked, with continuous updates to counter new variants. Forcepoint reported deploying automated rules to identify and neutralize lookalike websites as they emerge during the event.

Security Responses and Countermeasures

The campaigns highlight the increasing sophistication of cybercriminal operations during high-profile global events, emphasizing the need for heightened vigilance among users seeking online services related to major tournaments.

Conclusion

Security researchers have identified a coordinated effort by malicious actors to deceive football enthusiasts during the FIFA World Cup 2026 through deceptive online tactics.