{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fifa.com/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["fifa.com"],"_cs_severities":["medium"],"_cs_tags":["fifa","spoofing","phishing","typo-squatting"],"_cs_type":"advisory","_cs_vendors":["Fédération Internationale de Football Association (FIFA)"],"content_html":"\u003cp\u003eThe FBI has issued a public service announcement warning of cyber threat actors conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in anticipation of the 2026 FIFA World Cup. These actors create deceptive versions of the legitimate FIFA website (\u003ca href=\"https://www.fifa.com\"\u003ewww.fifa.com\u003c/a\u003e) with the goal of tricking users into believing they\u0026rsquo;re interacting with the official brand. The spoofed websites are designed to collect personally identifiable information (PII) entered by users, including names, home addresses, phone numbers, email addresses, and banking information. The threat actors also aim to sell fake World Cup tickets and hospitality products and possibly facilitate other malicious activities. 
The FBI has identified multiple domains already spoofing the legitimate FIFA website and anticipates additional fake domains will be created leading up to and throughout the 2026 World Cup.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker registers a domain name that closely resembles the legitimate FIFA website (\u003ca href=\"https://www.fifa.com\"\u003ewww.fifa.com\u003c/a\u003e), often using typos or alternative top-level domains (e.g., fiffa[.]com, fifa[.]org).\u003c/li\u003e\n\u003cli\u003eThe attacker sets up a website on the spoofed domain that mimics the look and feel of the official FIFA website, including branding, logos, and content.\u003c/li\u003e\n\u003cli\u003eThe attacker promotes the spoofed website through various means, such as search engine optimization (SEO) or social media, to attract unsuspecting users.\u003c/li\u003e\n\u003cli\u003eA user visits the spoofed website, believing it to be the legitimate FIFA site.\u003c/li\u003e\n\u003cli\u003eThe user is prompted to enter personal information, such as name, address, phone number, email, and banking details, to register for an account, purchase tickets, or apply for a job.\u003c/li\u003e\n\u003cli\u003eThe attacker collects the user\u0026rsquo;s PII entered into the spoofed site.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen PII to create new accounts in the victim\u0026rsquo;s name, commit identity theft, or sell the information to other malicious actors.\u003c/li\u003e\n\u003cli\u003eThe attacker attempts to sell fake World Cup tickets and hospitality products to the victim, potentially leading to financial loss.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe spoofed FIFA websites can lead to significant financial and personal information loss for victims. 
Threat actors can collect PII, create fraudulent accounts, and sell fake World Cup tickets and hospitality products. The number of victims is currently unknown, but the FBI anticipates that these attacks will increase leading up to the 2026 FIFA World Cup. These attacks target anyone attempting to access FIFA\u0026rsquo;s website for information, tickets, or employment opportunities. A successful attack can result in identity theft, financial fraud, and reputational damage for the victims.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen navigating to FIFA\u0026rsquo;s official website, type fifa.com directly into the address bar, as recommended by the FBI, rather than using a search engine.\u003c/li\u003e\n\u003cli\u003eImplement a domain reputation feed to identify and block access to newly registered or suspicious domains similar to the IOCs in this brief.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections to the IOCs listed in this brief, and block them at the firewall or proxy level.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect potential typo-squatting attempts on FIFA domains.\u003c/li\u003e\n\u003cli\u003eEducate users about the dangers of typo-squatting and phishing, emphasizing the importance of verifying website URLs and avoiding suspicious links.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T18:24:00Z","date_published":"2026-05-27T18:24:00Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fifa-spoofing/","summary":"Cyber threat actors are conducting spoofing attacks against FIFA websites in advance of the 2026 FIFA World Cup to steal personal information and facilitate monetary scams.","title":"Threat Actors Spoofing FIFA Websites in Advance of the 2026 World 
Cup","url":"https://feed.craftedsignal.io/briefs/2026-05-fifa-spoofing/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["World Cup tickets","World Cup merchandise","fifa.com/tickets","fifa.com/hospitality","Qatar Airways travel packages"],"_cs_severities":["high"],"_cs_tags":["phishing","credential-theft","scams","fifa","world-cup"],"_cs_type":"advisory","_cs_vendors":["FIFA","Qatar Airways","ESET"],"content_html":"\u003cp\u003eESET researchers have uncovered multiple fake FIFA World Cup websites designed to deceive soccer fans seeking tickets and merchandise. These websites mimic the official FIFA and World Cup sites, enticing users to register and make purchases through fraudulent payment flows. The attackers utilize tactics such as typosquatting, where domain names closely resemble the legitimate ones, and copying the official FIFA website\u0026rsquo;s look and feel to enhance credibility. The campaign targets individuals eager to secure tickets and merchandise for the 2026 FIFA World Cup, exploiting their enthusiasm and impatience. 
The fake sites aim to steal financial and identity data, including names, email addresses, phone numbers, and passwords.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eVictims are lured to fake FIFA websites through sponsored search results, social media ads, or forwarded links.\u003c/li\u003e\n\u003cli\u003eThe fake website uses a domain name similar to the official FIFA site, employing typosquatting (e.g., ***fifa26[.]shop).\u003c/li\u003e\n\u003cli\u003eThe website replicates the look and feel of the official FIFA site, including colors, layout, and navigation.\u003c/li\u003e\n\u003cli\u003eUsers are prompted to register, providing personal information such as name, email address, and phone number.\u003c/li\u003e\n\u003cli\u003eThe fake website offers tickets and merchandise for purchase, allowing users to add items to a shopping cart.\u003c/li\u003e\n\u003cli\u003eUsers are directed to a payment page where they enter their credit card details.\u003c/li\u003e\n\u003cli\u003eThe entered payment information is stolen by the attackers.\u003c/li\u003e\n\u003cli\u003eVictims lose money and have their personal and financial data compromised.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe fake FIFA websites lead to financial losses for victims who enter their credit card details. Stolen personal data, including names, email addresses, phone numbers, and reused passwords, can be used for identity theft, financial fraud, and further attacks on other accounts. The campaign targets soccer fans worldwide, aiming to capitalize on the high demand for World Cup tickets and merchandise. 
If successful, attackers can gain access to victims\u0026rsquo; sensitive information, leading to significant financial and personal harm.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDirectly type the official FIFA website address (FIFA.com) into your browser to avoid clicking on potentially malicious links from ads or social media posts (Reference: FIFA official website).\u003c/li\u003e\n\u003cli\u003eClosely examine domain names for typosquatting attempts (e.g., extra characters, odd endings) before entering any information (Reference: ***fifa26[.]shop and ****26-fifa[.]com).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fake FIFA Website Registration Page\u003c/code\u003e to identify suspicious registration pages (Reference: rule).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fake FIFA Website Payment Page\u003c/code\u003e to identify suspicious payment pages (Reference: rule).\u003c/li\u003e\n\u003cli\u003eUse strong, unique passwords for all accounts and enable two-factor authentication to protect against credential reuse (Reference: Overview).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-23T06:09:19Z","date_published":"2026-05-23T06:09:19Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fake-fifa-sites/","summary":"Fake FIFA World Cup websites are impersonating official ticket and merchandise sales to steal money and personal data from soccer fans through deceptive registration and payment processes.","title":"Fake FIFA World Cup Websites Stealing Credentials and Funds","url":"https://feed.craftedsignal.io/briefs/2026-05-fake-fifa-sites/"}],"language":"en","title":"CraftedSignal Threat Feed — Fifa.com","version":"https://jsonfeed.org/version/1.1"}