The FBI is warning soccer fans to watch out for fake FIFA websites designed to steal personal information during the World Cup. The agency says scammers are setting up lookalike domains that mimic official tournament pages, tricking visitors into handing over login credentials, credit card numbers, and other sensitive data.
How the scams work
The fraudulent sites often pop up in search results or show up in phishing emails, offering fake ticket sales, exclusive merchandise, or streaming links. Once a user enters their details, the information is harvested for identity theft or sold on dark-web markets. The FBI didn’t name specific sites but said the schemes are becoming more sophisticated as the tournament draws larger global audiences.
Why major events attract cybercriminals
High-profile events like the World Cup create a perfect storm for scammers. Millions of people are actively searching for tickets, schedules, and travel deals, making it easier for fraudulent pages to blend in. The same pattern has been seen during the Olympics, Super Bowls, and even political elections. The sheer volume of traffic means even a low success rate can yield thousands of stolen records.
What fans can do
The FBI recommends sticking to official FIFA channels — the real domain is fifa.com — and double-checking URLs for subtle misspellings or extra characters. Users should also avoid clicking links in unsolicited emails or social media messages. Enabling two-factor authentication on accounts tied to payment or travel can add an extra layer of protection.
The warning comes as cybersecurity experts push for better digital literacy among the public. Knowing how to spot a suspicious link or a too-good-to-be-true deal is often the best defense. For now, the safest bet is to assume that any unsolicited offer related to the World Cup is a trap until proven otherwise.
