- Thousands of fake FIFA domains already await desperate football fans
- Scammers cloned FIFA login system with near-perfect visual accuracy for credential theft
- Facebook Ads Are Leading Victims Directly to a Large-Scale World Cup Ticket Scam
More than six million fans will fill stadiums in the United States, Canada and Mexico when the 2026 FIFA World Cup begins in June.
The enormous scale of demand for banknotes has created ideal conditions for sophisticated fraud operations.
According to Group-IB researchers, they have identified more than 4,300 fraudulent domains posing as FIFA’s official web presence since August 2025, and some of these domains have remained dormant for almost a year, lying in wait for desperate fans.
The Phantom Stadium Scam
A Chinese-speaking threat actor known as Ghost Stadium is at the center of this fraud ecosystem.
This financially motivated group has created a pixel-perfect clone of the official FIFA website using a shared phishing kit.
The fake site replicates the legitimate PingIdentity login flow with near-perfect accuracy.
Victims who land on these pages see authentic brands uploaded directly from FIFA’s own content delivery network.
The system automatically switches between eleven languages based on the visitor’s browser settings.
“Major sporting events are a magnet for fraud. Huge demand, limited tickets and fear of missing their home game put pressure on fans to act quickly. Fraudsters know this,” said Yuan Huang, global fraud intelligence leader at Group-IB.
“We have identified more than 4,300 fraudulent domains posing as FIFA’s official web presence and ready to exploit fans seeking tickets, some of which have remained dormant since 2025.”
Facebook ads serve as the main trap for unsuspecting ticket seekers.
These ads show deeply discounted prices and countdown timers to create artificial urgency.
Clicking on the ad takes visitors to a fake hospitality page with a prominent button that says “BUY NOW.”
Victims who already have legitimate tickets are tricked into logging in, handing their credentials directly to the attacker.
The scammer then changes the account password, locks out the rightful owner, and resells the genuine tickets for profit.
New buyers without existing tickets face a different but equally destructive path.
They complete a detailed payment form that captures their full name, address, phone number, and payment card details.
Scammers accept money through at least five different channels, including direct card capture, peer-to-peer apps like Chime and Nequi, and even cryptocurrency conversion through Alchemy Pay. Tickets never arrive after payment is made.
Ghost Stadium doesn’t operate in this space alone. Four independent threat actors are running six parallel fraud schemes simultaneously.
These include fake streaming platforms that demand subscription fees, counterfeit merchandise showcases targeting Latin American markets, and unlicensed gambling sites that collect passport scans for identity fraud.
More than 2,500 pairs of FIFA account credentials are already circulating on dark web markets at prices between $5 and $50 per pair.
How to stay safe
Financial losses from premium ticket fraud alone are estimated at between $71 million and $474 million.
To stay safe, the safest approach is to assume that any ticket offers outside of official channels carry significant risk.
Please check the exact spelling of the domain before entering any credentials. The official site is fifa.com without hyphens or alternative endings.
Enable multi-factor authentication on your FIFA account immediately and change your password if you haven’t done so recently.
Don’t click on ticket ads that appear on Facebook, Instagram or Telegram, no matter how attractive the discount seems.
Taking an extra moment to check before purchasing can prevent substantial financial and personal damage.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
