Cybercriminals have already registered over 4,300 fake FIFA-related domains since August 1, 2025, laying the groundwork for one of the largest sports-related fraud campaigns in history, according to a new report from Check Point Research. With global anticipation building for the 2026 FIFA World Cup in North America, the fraudsters are moving early—aligning their schemes with FIFA’s official ticketing schedule.
Coordinated Fraud Infrastructure
The suspicious domains mimic FIFA, “World Cup,” and host cities like Dallas, Miami, Toronto, and Mexico City. Check Point’s analysis reveals these are not random registrations: they occur in synchronised waves, share centralised DNS setups, and are concentrated across registrars like GoDaddy, Namecheap, Dynadot, and Gname.
In some cases, scammers are even registering domains tied to future tournaments such as FIFA 2030 and 2034. This tactic, known as domain aging, allows websites to sit idle and gain legitimacy before being deployed in scams.
“What we’re seeing is infrastructure being built, at scale, to exploit global interest before the World Cup even kicks off,” said Amit Weigman, Evangelist at Check Point. “Threat actors are not waiting for 2026; they are matching their timeline to FIFA’s.”
Ticketing Scams in the Spotlight
The risks are highest for fans during FIFA’s ticketing windows. With the presale draw concluding on September 19 and purchase windows opening October 1, fraudsters are expected to unleash phishing campaigns that mimic official FIFA communications. Fake portals, spoofed ticket confirmations, and fraudulent payment pages will be timed to coincide with legitimate fan activity, making them especially convincing.
Check Point flagged these key red flags:
• 4,300+ suspicious domains in under 60 days
• Activity spikes during August and early September
• Bulk automation enabled by concentrated registrars
• Multilingual targeting: English (streaming), Spanish & Portuguese (ticketing/merchandise), French (Europe)
• Use of cheap domains (.com, .shop, .store, .online, .football)
• DNS overlaps pointing to coordinated fraud groups
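An added example, not taken from Check Point's report or tooling: a Python triage pass over a feed of newly registered domains that applies the indicators listed above (brand and host-city terms, the listed TLDs, the window starting August 1, 2025) and then groups the hits by shared nameservers to surface coordinated waves. The sample records, the `2026` rule for city-only names and the cluster threshold are assumptions.

```python
from collections import defaultdict
from datetime import date

# Terms and TLDs come from the article; thresholds and sample data are assumptions.
BRAND_TERMS = ("fifa", "worldcup")
HOST_CITIES = ("dallas", "miami", "toronto", "mexicocity")
CHEAP_TLDS = {"com", "shop", "store", "online", "football"}
SINCE = date(2025, 8, 1)  # start of the registration window in the report
MIN_CLUSTER = 3           # assumed: hits sharing DNS before a cluster is reported

NS_A = ("ns1.dns-a.example", "ns2.dns-a.example")
# Constructed feed of (domain, registration date, nameservers); not real observations.
SAMPLE = [
    ("fifa-tickets-example.shop", date(2025, 8, 12), NS_A),
    ("worldcup-miami-example.store", date(2025, 8, 12), NS_A[::-1]),
    ("toronto-fifa-example.online", date(2025, 8, 13), NS_A),
    ("fifa2030-example.football", date(2025, 9, 2), ("ns1.dns-b.example",)),
    ("dallas-plumbing-example.com", date(2025, 8, 12), NS_A),  # city only
    ("fifa-fans-example.org", date(2025, 8, 12), NS_A),        # TLD not listed
    ("world-cup-example.com", date(2025, 7, 1), NS_A),         # before window
]

def is_lookalike(domain, registered):
    """Match the article's keyword and TLD pattern inside the reporting window."""
    label, _, tld = domain.lower().rpartition(".")
    flat = label.replace("-", "").replace(".", "")
    branded = any(term in flat for term in BRAND_TERMS)
    # Assumed rule: a host city alone is too noisy, so require "2026" with it.
    city = any(c in flat for c in HOST_CITIES) and "2026" in flat
    return registered >= SINCE and tld in CHEAP_TLDS and (branded or city)

def coordinated_clusters(records):
    """Group lookalikes by nameserver set and report sets shared by MIN_CLUSTER+ hits."""
    by_ns = defaultdict(list)
    for domain, registered, nameservers in records:
        if is_lookalike(domain, registered):
            key = tuple(sorted(n.lower() for n in nameservers))
            by_ns[key].append((registered, domain))
    clusters = {}
    for key, hits in by_ns.items():
        if len(hits) >= MIN_CLUSTER:
            days = [d for d, _ in hits]
            clusters[key] = {
                "domains": sorted(name for _, name in hits),
                "span_days": (max(days) - min(days)).days,  # small span = one wave
            }
    return clusters

if __name__ == "__main__":
    for ns, info in coordinated_clusters(SAMPLE).items():
        print(ns, info)
```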
Beyond phishing, botnets are being trained to flood official ticketing queues, hoard inventory, and manipulate pricing. Meanwhile, FIFA-branded fraud kits, counterfeit jerseys, and fake hospitality packages are already surfacing across Telegram channels and dark-web marketplaces.
Global Fan Frenzy
The World Cup’s unprecedented scale makes it a prime target. FIFA President Gianni Infantino revealed that over 4.5 million fans applied for tickets during the initial presale phase—underscoring the massive pool of potential victims.
As Infantino put it, the 2026 tournament spanning Canada, Mexico, and the United States will be the “biggest, most inclusive, and most exciting event ever.” But for cybercriminals, it’s also the biggest payday yet.