- Thousands of fake FIFA domains are already waiting for desperate soccer fans
- Fraudsters cloned FIFA’s login system with near-perfect visual accuracy for credential theft
- Facebook ads drive victims straight into a massive World Cup ticket scam
Over six million fans will fill stadiums across the United States, Canada and Mexico when the 2026 FIFA World Cup tournament kicks off in June.
The sheer volume of ticket demand has created ideal conditions for sophisticated fraud operations.
According to Group-IB researchers, they have identified over 4,300 fraudulent domains impersonating FIFA’s official web presence since August 2025, and some of these domains have been dormant for almost a year, lying in wait for desperate fans.
The Ghost Stadium Scam
A Chinese-speaking threat actor known as Ghost Stadium sits at the center of this fraud ecosystem.
This financially motivated group has built a pixel-perfect clone of the official FIFA website using a shared phishing kit.
The fake site replicates the legitimate PingIdentity login flow with near flawless accuracy.
Victims who land on these pages see authentic branding loaded directly from FIFA’s own content delivery network.
The system automatically switches between eleven languages based on the visitor’s browser settings.
“Major sporting events are a magnet for fraud. Huge demand, limited tickets and the fear of missing your national game put fans under pressure to act quickly. Fraudsters know this,” said Yuan Huang, Global Fraud Intelligence Lead at Group-IB.
“We have identified more than 4,300 fraudulent domains impersonating FIFA’s official web presence, ready to exploit fans looking for tickets, some of which have been dormant since 2025.”
Facebook ads act as the primary trap for unsuspecting ticket seekers.
These ads show dramatically discounted prices and countdown timers to create artificial urgency.
Clicking on the ad takes visitors to a fake hospitality page with a prominent “BUY NOW” button.
Victims who already hold legitimate tickets are tricked into logging in – and handing over their credentials directly to the attacker.
The fraudster then changes the account’s password, locks out the legitimate owner, and resells the genuine tickets for a profit.
New buyers without existing tickets face a different but equally devastating path.
They fill out a detailed payment form that includes their full name, address, phone number and payment card information.
The scammers accept money through at least five different channels, including direct card acquisition, peer-to-peer apps like Chime and Nequi, and even cryptocurrency conversion through Alchemy Pay. Tickets will never arrive after payment has been submitted.
Ghost Stadium does not operate in this space alone. Four independent threat actors run six parallel fraud schemes simultaneously.
These include fake streaming platforms that demand subscription fees, storefronts with counterfeit goods aimed at Latin American markets and unlicensed betting sites that harvest passport scans for identity fraud.
More than 2,500 pairs of FIFA account credentials are already circulating on dark-web markets at prices between $5 and $50 each. couple.
How to stay safe
Economic losses from premium ticket fraud alone are estimated at between $71 million and $474 million.
To stay safe, the safest approach is to assume that any ticket offer outside of official channels carries significant risk.
Check the exact domain spelling before entering credentials. The official site is fifa.com without hyphens or alternate endings.
Activate multi-factor authentication on your FIFA account immediately and change your password if you haven’t done so recently.
Do not click on ticket ads that appear on Facebook, Instagram or Telegram, no matter how convincing the discount appears.
Taking an extra moment to check before you buy can prevent significant financial and personal damage.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
