As preparations for the FIFA World Cup 2026 are underway around the globe, cybersecurity experts have issued a warning for football fans looking for match tickets online for the upcoming World Cup 2026.
CloudSEK researchers from CloudSEK’s Threat Intelligence team have uncovered a sophisticated scam operation that is far more sophisticated than the usual phishing scam operation in which FIFA ticketing websites, fake payment gateways, and technology that’s able to steal one-time passwords (OTPs) in real time are used to get in touch with football fans looking for match tickets in advance of the tournament.
According to the media, the scam is linked with Chinese-based threat actors and is aimed at fans who are looking to purchase tickets for the biggest football event in the world. With millions of supporters rushing to book seats for highly anticipated matches, cyber criminals are taking advantage of the rush and excitement surrounding the event.
According to CloudSEK, the fraud network comprises at least 40 fake FIFA-themed websites, a rogue payment processing infrastructure, and a fraud-as-a-service ecosystem supporting multiple criminal operators. Unlike traditional scam websites, which are usually poorly designed and easy to identify, these fake portals closely mimic legitimate FIFA ticketing platforms.
Fraudulent websites advertise real match schedules, stadium information, ticket categories, shopping carts, payment pages, trust badges, and other features to let people know they are purchasing genuine tickets. Some of the sites advertised tickets for the FIFA World Cup 2026 opening ceremony at $275 (around ₹24,750), while sample orders for multiple tickets exceeded ₹1.2 lakh.
What makes this scam so dangerous is the technology behind it. It’s a kind of “man-in-the-middle” phishing, researchers say, as in a fake website that is erected in the middle of the payment process, where the attackers can hear and monitor information that is entered and then retrieve it.
Some victims who try to buy tickets may unknowingly provide their card numbers, expiry dates, and CVV security codes directly to cybercriminals. More worryingly, the platform is reportedly able to relay and capture OTPs in real time. That means even users who rely on SMS-based two-factor authentication could still fall victim if they enter the OTP into the fraudulent page.
Gagan Aggarwal, a Threat Intelligence Researcher at CloudSEK TRIAD, warned that cybercriminal groups are becoming increasingly sophisticated in their methods.
According to Aggarwal, major global events like the FIFA World Cup are now being weaponised by organised cybercrime networks. Rather than just relying on fake ticket listings or simple phishing emails, these groups are putting full checkout impersonation, live victim tracking, card skimming, and OTP interception all in one integrated system.
The discovery reflects a growing trend in cybercrime where attackers use high-profile sporting events, concerts, and festivals to lure victims into elaborate scams. As digital payment systems become more secure, fraudsters are evolving their techniques to bypass traditional security measures.
CloudSEK has advised football fans to be extremely cautious when purchasing World Cup tickets online. They are advised to purchase tickets only through FIFA's official ticketing channels and verify website addresses before entering any personal or financial information.
Such domains with suspicious variations as "ww-fifa," "www-fifa," "sdf-26fifa," "tbpay," or similar unofficial names should be flagged as high risk and should be avoided immediately.
Researchers also advise users not to trust links just because they appear in social media posts, advertisements, or direct messages. Modern phishing websites are professionally designed and often appear nearly identical to legitimate platforms, so visual inspection alone is not sufficient.
With the FIFA World Cup 2026 expected to attract millions of fans worldwide, cybersecurity experts are warning fans they need to be very careful. A careless purchase of tickets could lead to stolen banking credentials, unauthorised transactions, and significant financial losses.
Online scams are getting more sophisticated, and experts say the most important thing to do before making any payment is to check and verify the source to avoid becoming a victim.
