{"id":13450,"date":"2026-06-08T10:03:40","date_gmt":"2026-06-08T10:03:40","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/08\/cybercriminals-exploit-2026-fifa-world-cup-with-phishing-fake-stores-and-ticket-scams\/"},"modified":"2026-06-08T10:03:40","modified_gmt":"2026-06-08T10:03:40","slug":"cybercriminals-exploit-2026-fifa-world-cup-with-phishing-fake-stores-and-ticket-scams","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/08\/cybercriminals-exploit-2026-fifa-world-cup-with-phishing-fake-stores-and-ticket-scams\/","title":{"rendered":"Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams"},"content":{"rendered":"<p>    Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">The 2026 FIFA World Cup is not just a celebration of football. For cybercriminals, it is a business opportunity, and they have already gotten to work. <\/p>\n<p class=\"wp-block-paragraph\">Threat actors have been building fake FIFA stores, spinning up phishing pages, and launching purchase scams at a scale that has security researchers watching closely.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The tournament, hosted across sixteen cities in the United States, Mexico, and Canada, draws billions of eyes worldwide. That global attention makes it one of the most attractive events for online fraud. <\/p>\n<p class=\"wp-block-paragraph\">Criminals are exploiting that interest to steal payment card data, harvest personal information, and trick fans into paying for tickets or merchandise that will never arrive.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.recordedfuture.com\/\" id=\"https:\/\/www.recordedfuture.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Analysts and researchers at Recorded Future said in a\u00a0report<\/a> shared with Cyber Security News (CSN)\u00a0that cybercriminal exploitation of World Cup branding is already well underway. <\/p>\n<p class=\"wp-block-paragraph\">Their Payment Fraud Intelligence team has tracked fake FIFA-branded stores, purchase scams, and spoofed FIFA and host-city domains, with fraudulent activity expected to intensify as the tournament progresses.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">What makes this wave of fraud different from past World Cups is the role artificial intelligence now plays. Threat actors are using AI-generated content to produce phishing emails, smishing messages, and <a href=\"https:\/\/cybersecuritynews.com\/5000-fake-online-pharmacies-websites\/\" id=\"120293\" target=\"_blank\" rel=\"noreferrer noopener\">fake websites at a pace that no single security team can easily track<\/a>. <\/p>\n<p class=\"wp-block-paragraph\">The result is a fraud landscape that is faster, more convincing, and harder to contain than anything seen before the era of generative AI.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The threat does not stop at individual fans. Corporate sponsors, affiliated vendors, travel providers, and ticketing platforms are all in the crosshairs. <\/p>\n<p class=\"wp-block-paragraph\">Stolen payment credentials are being used by carders to buy real tickets, which are then resold for profit. This kind of fraud lets criminals move money quickly while hiding behind the appearance of a normal transaction.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-cybercriminals-exploit-2026-fifa-world-cup\" class=\"wp-block-heading\"><strong>Cybercriminals Exploit 2026 FIFA World Cup<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">In one campaign active during April and May 2026, Recorded Future\u2019s Payment Fraud Intelligence team identified a network of 33 World Cup-themed purchase scam domains connected to roughly 2,500 online advertisements. <\/p>\n<p class=\"wp-block-paragraph\">These fake stores were built to look like official FIFA merchandise outlets, attracting victims through ads on platforms like Meta. When a victim made a purchase, the order never arrived, but their payment card data and personal information were fully exposed.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgpW0319ZubgGEByDzt9ydvD9E_g9S1Wta8ZIU7JrDz3p3xcHgIUp24Zi4m0PYciZuG5JFwYnKTvYVLJn31CqRJg5eFFZ8W-usjot2gB3k1dcGcE8iDhSAWuRLxLkC0SFHPya12624XLtno2hv6aaF8KqoVdCz7zfq_fDx3STyed4DojRUhXiVprVPMbHw\/s16000\/Composite%2520Country%2520Risk%2520Scores%2520for%2520Canada%2C%2520Mexico%2C%2520and%2520the%2520US%2520%28Source%2520-%2520Recorded%2520Future%29.webp?ssl=1\" alt=\"Composite Country Risk Scores for Canada, Mexico, and the US (Source - Recorded Future)\"><figcaption class=\"wp-element-caption\">Composite Country Risk Scores for Canada, Mexico, and the US (Source \u2013 Recorded Future)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">Several of those scam domains used multiple merchant accounts to keep payments flowing even as individual domains were rotated out. <\/p>\n<p class=\"wp-block-paragraph\">This allows criminals to keep their payment infrastructure running behind the scenes, even when one storefront gets taken down. It is a level of sophistication that <a href=\"https:\/\/cybersecuritynews.com\/phishing-scams-targeting-online-gamblers-how-to-stay-safe\/\" id=\"141638\" target=\"_blank\" rel=\"noreferrer noopener\">makes these scams harder to stop than a simple one-off fake website<\/a>.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj51gECNLUziqwv9Y4riaNrEZW4U3rUVww9oUvRyTGZPjE-CsVm6oxVcNEBUi8pEU1vefpOHQ8iEVOFhoHSM8HsAlHah-85goWgOMynIATLCG_B8XFQ5Rp4-YcqsUtk6TSQY8d_CZyh0bWmsQdOd25Stiipmiu3vd7NxVPTBc1W2_H4BmxFe6nMij1sZFw\/s16000\/The%2520scam%2520domain%2520onlinefifavip-eu%255B.%255Dshop%2520promoted%2520through%2520Meta%2520Ads%2520Library%2520%28Source%2520-%2520Recorded%2520Future%29.webp?ssl=1\" alt=\"The scam domain onlinefifavip-eu[.]shop promoted through Meta Ads Library (Source - Recorded Future)\"><figcaption class=\"wp-element-caption\">The scam domain onlinefifavip-eu[.]shop promoted through Meta Ads Library (Source \u2013 Recorded Future)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">In a second campaign, threat actors compromised legitimate websites and manipulated how those pages appeared in search results. Victims searching for official FIFA merchandise would land on what looked like a trusted site, only to be quietly redirected to a scam domain. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj64wDepAyr1cjwUuJXk_5K_d0TahwhsD-kbFqpa-6gz6Tiwp8H3cY9Z0P5eEAPVD7C2Xn5Ne1Yd4gJYOUKb4prz7c6n1NJBgKtZLp-bp6lBR5k1ruDUspivyshhTE86lxJ8G3ij5S06z_mlFSVW2r2TfyuUbJmFqR9Bg_Cyjxw_UFsmpl7neqGLkM_ZRw\/s16000\/Search%2520engine%2520results%2520for%2520superbclicks%255B.%255Dcom%2520redirecting%2520victims%2520to%2520purchase%2520scam%2520domain%2520jpopfreehhh%255B.%255Dclick%2520%28Source%2520-%2520Recorded%2520Future%29.webp?ssl=1\" alt=\"Search engine results for superbclicks[.]com redirecting victims to purchase scam domain jpopfreehhh[.]click (Source - Recorded Future)\"><figcaption class=\"wp-element-caption\">Search engine results for superbclicks[.]com redirecting victims to purchase scam domain jpopfreehhh[.]click (Source \u2013 Recorded Future)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">The scam pages did not even need to appear in search results, because the traffic came through already-indexed pages.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-phishing-dark-web-activity-and-stolen-credentials\" class=\"wp-block-heading\"><strong>Phishing, Dark Web Activity, and Stolen Credentials<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Since April 1, 2026, Insikt Group researchers detected more than 1,100 suspicious domains containing the words \u201cWorld\u201d and \u201cCup,\u201d over 600 typosquat domains mimicking fifa.com, and 260 registered domains combining FIFA branding with host-city names. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMDJkqiPzdejEH097nOOriaht4Bw5ARP9Ot1CYTtrmY1qtTCY0-WGffzM2Icb8h3tmLzhm-BGVeZpPRIlYvV4Ldsfr2q0JC6htk8dnM7nCV4A69yDj2ahBWNQG71U4JXH6jpchi9Qb4Ve9WYrnLwj-4wyuBp84-bYvRl8-vStOtRyGtZW_-fRNgNCYjWU\/s16000\/The%2520scam%2520domain%2520fifafanstorehub%255B.%255Dcom%2520promoted%2520through%2520Meta%2520Ads%2520Library%2520%28Source%2520-%2520Recorded%2520Future%29.webp?ssl=1\" alt=\"The scam domain fifafanstorehub[.]com promoted through Meta Ads Library (Source - Recorded Future)\"><figcaption class=\"wp-element-caption\">The scam domain fifafanstorehub[.]com promoted through Meta Ads Library (Source \u2013 Recorded Future)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">Chinese-speaking threat actors have reportedly cloned <a href=\"https:\/\/cybersecuritynews.com\/domains-used-malware\/\" id=\"12908\" target=\"_blank\" rel=\"noreferrer noopener\">FIFA\u2019s official website across around 300 domains to harvest user credentials<\/a> ahead of the tournament.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">On the dark web, stolen FIFA-related credentials linked to individual accounts are already being sold on marketplaces like Russian Market. <\/p>\n<p class=\"wp-block-paragraph\">Threat actors have also been spotted advertising cash-out services on criminal forums, targeting major ticketing platforms including Ticketmaster, StubHub, and SeatGeek. These services let criminals convert stolen payment data or account access into real money fast.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEipa3b7t0gXZookP8K3IVC916Uh3O_NSTDedb8VzgRh0Bjhe5R-MSdDF380Hs4H4QRGN_sS91qcmraJQwB7e86BkUuOCs7N9EolG1Uj-12JC9zIdF8T6ccLUt33vsQKM7zKpkAW1dF4-Xqm89BttOCXoEbiGLyf1yGypcbhUmZ3TdY9jFj0w8mgPUKTGd0\/s16000\/Threat%2520actor%2520advertising%2520cash-out%2520services%2520for%2520event%2520payments%2520on%2520major%2520ticketing%2520platforms%2C%2520including%2520Ticketmaster%2C%2520StubHub%2C%2520SeatGeek%2C%2520and%2520Vivid%2520Seats%2520%28Source%2520-%2520Recorded%2520Future%29.webp?ssl=1\" alt=\"Threat actor advertising cash-out services for event payments on major ticketing platforms, including Ticketmaster, StubHub, SeatGeek, and Vivid Seats (Source - Recorded Future)\"><figcaption class=\"wp-element-caption\">Threat actor advertising cash-out services for event payments on major ticketing platforms, including Ticketmaster, StubHub, SeatGeek, and Vivid Seats (Source \u2013 Recorded Future)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/cybersecuritynews.com\/beware-of-weaponized-recruitment-emails\/\" id=\"98441\" target=\"_blank\" rel=\"noreferrer noopener\">Security experts recommend that fans avoid clicking links in unsolicited emails<\/a> or texts about World Cup tickets and always verify any store or ticket source through official FIFA channels. <\/p>\n<p class=\"wp-block-paragraph\">Organizations connected to the tournament should monitor for brand abuse, newly registered lookalike domains, and compromised credentials appearing on dark web forums. Proactive credential monitoring and domain alerting are among the strongest defenses available right now.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-indicators-of-compromise-iocs\" class=\"wp-block-heading\"><strong>Indicators of Compromise (IoCs):-<\/strong><\/h2>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Type<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Indicator<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Domain<\/td>\n<td>onlinefifavip-eu[.]shop<\/td>\n<td>FIFA World Cup purchase scam domain promoted via Meta Ads Library\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>superbclicks[.]com<\/td>\n<td>Compromised legitimate website used to redirect victims to scam infrastructure\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>jpopfreehhh[.]click<\/td>\n<td>Purchase scam domain receiving redirected victims from superbclicks[.]com\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>fifafanstorehub[.]com<\/td>\n<td>FIFA-branded fake store used in mobile wallet fraud attack chain, promoted via Meta Ads\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d0427b5b-ac97-4c96-8de7-1550a8655609\/Cybercriminals-Exploit-2026-FIFA-World-Cup-With-Phishing-Fake-Stores-and-Ticket-Scams.pdf?AWSAccessKeyId=ASIA2F3EMEYEXNDPAZQ6&amp;Signature=%2FlVS%2BnMdfRryGqdeHrNcjotlk4A%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEOX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQC%2FH4m2B%2BbOAqJMgyIHL2o0p66RngZvNwyA%2BvZVQNmjJwIhAPd7r9w3UU%2FVYTa0t9FaDwoFQ9tD%2FbOFm6E3TjyufBbeKvwECK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgwicsGG9%2FwyRTbNLvYq0ATMBa2FEuA8r31BS0bG9dkfOBUUrtBl9odWp7AZhHrbDaJDFdK%2Ff75TmP%2Bm%2BLGMpjUpMUmVluCL2JDsHLxUqY29J1H62ba7NDs%2FNjyqnfbGtRtZ%2BTKbzBcAl2ZKnUiFOy%2FLe7lHF6r1Q8ulCtWQ7kAfdAbsapva%2F3h8Eq%2FqOEuF2SrBccCD7ekPiHVLgI3qKlhQu89fO3USiSxhQuZZzUBcG55T%2F2R%2ByFBcVS4rb%2BF8ois1nDvyTQaUaUP6KdXplzJUF2StllM4N8mqAnzrS1298%2F0PNb9hwrZIPsFNpO7u2thC7th8UN5tmZeXyyl7WF4ElldcdCRuzIpjJKae%2BpC%2FXyPd1nZk9k%2FbNwFY%2FmYLAZJKd92wBYgFP1UK6frqMHSCPn83Bq9cqAR79RvgggdhpRgIBjj0Oqh7aAo3RlAO9d6KNfT2kzjsQeH%2FSvi9P3BKbMIUZ5pLtKpTXsdz0KB9ey1sUMYhd74sjpt9RV32rxM%2FGJJXtiZoqdUL276D45w4POA41v6rJjOZmSEHNIj7o27YnmojgAG9kwUiuRn3AAVCch0UQXCH6D0Bo4I1cx%2FNXvUPomu9VgbrvK0SMbqaupzuZ6ntdyjDVTqMQkRySgtYQ2MsD0S2Fpdq9%2FHYFPum5Byp8cFjDfBvCBHz7BHe6UHCtG94dmjrrlLWXHx3p%2FlBg3yVtlM7SGO3qp8So5KwVEjySDfcjjqnpj%2FvAHVrlfGPAuOXwjTJs50jcteZozmju2v2LGRnMU6cwUq4KCxJTRgtg37d2rU9g6id7NHXMOqGmdEGOpcBDhEaOaKDXCgJHWixG7YXZyvfpwRWak1Zfw5eDc68pC45bK%2BMcVY%2FJYCbmEhSPIGWexVtvP8nCuc%2FXKvzjtnku7Z%2F4lyGfUnusZPr3la5TF%2FTgZQXemIjkPk5C4CddnItgAXSRUNkTttsRUnAO95K04r6gxWeVGeN67e341O6lOgfJ4y5LSCcZtUp6HPLN1rrN5LyCz9z7A%3D%3D&amp;Expires=1780896061\"><\/a>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p class=\"wp-block-paragraph\"><strong>Note:<\/strong>\u00a0<em>IP addresses and domains are intentionally defanged (e.g.,\u00a0<\/em><code><em>[.]<\/em><\/code><em>) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM<\/em>.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 90%,rgb(169,184,195) 100%)\"><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong>Follow us on\u00a0<a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener\">Google News<\/a>,\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>,\u00a0and\u00a0<a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0<strong>Set CSN as a Preferred Source in<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong> <strong><strong><a href=\"https:\/\/www.google.com\/preferences\/source?q=cybersecuritynews.com\" target=\"_blank\" rel=\"noreferrer noopener\">Google<\/a><\/strong><\/strong>.<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/cybercriminals-exploit-2026-fifa-world-cup-with-phishing\/\">Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/cybercriminals-exploit-2026-fifa-world-cup-with-phishing\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams The 2026 FIFA World Cup is not just a celebration of football. For cybercriminals, it is a business opportunity, and they have already gotten to work. Threat actors have been building fake FIFA stores, spinning up phishing pages, and launching purchase scams [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-13450","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13450"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13450"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13450\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}