{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/world-cup-tickets/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["World Cup tickets","World Cup merchandise","fifa.com/tickets","fifa.com/hospitality","Qatar Airways travel packages"],"_cs_severities":["high"],"_cs_tags":["phishing","credential-theft","scams","fifa","world-cup"],"_cs_type":"advisory","_cs_vendors":["FIFA","Qatar Airways","ESET"],"content_html":"\u003cp\u003eESET researchers have uncovered multiple fake FIFA World Cup websites designed to deceive soccer fans seeking tickets and merchandise. These websites mimic the official FIFA and World Cup sites, enticing users to register and make purchases through fraudulent payment flows. The attackers utilize tactics such as typosquatting, where domain names closely resemble the legitimate ones, and copying the official FIFA website\u0026rsquo;s look and feel to enhance credibility. The campaign targets individuals eager to secure tickets and merchandise for the 2026 FIFA World Cup, exploiting their enthusiasm and impatience. The fake sites aim to steal financial and identity data, including names, email addresses, phone numbers, and passwords.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eVictims are lured to fake FIFA websites through sponsored search results, social media ads, or forwarded links.\u003c/li\u003e\n\u003cli\u003eThe fake website uses a domain name similar to the official FIFA site, employing typosquatting (e.g., ***fifa26[.]shop).\u003c/li\u003e\n\u003cli\u003eThe website replicates the look and feel of the official FIFA site, including colors, layout, and navigation.\u003c/li\u003e\n\u003cli\u003eUsers are prompted to register, providing personal information such as name, email address, and phone number.\u003c/li\u003e\n\u003cli\u003eThe fake website offers tickets and merchandise for purchase, allowing users to add items to a shopping cart.\u003c/li\u003e\n\u003cli\u003eUsers are directed to a payment page where they enter their credit card details.\u003c/li\u003e\n\u003cli\u003eThe entered payment information is stolen by the attackers.\u003c/li\u003e\n\u003cli\u003eVictims lose money and have their personal and financial data compromised.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe fake FIFA websites lead to financial losses for victims who enter their credit card details. Stolen personal data, including names, email addresses, phone numbers, and reused passwords, can be used for identity theft, financial fraud, and further attacks on other accounts. The campaign targets soccer fans worldwide, aiming to capitalize on the high demand for World Cup tickets and merchandise. If successful, attackers can gain access to victims\u0026rsquo; sensitive information, leading to significant financial and personal harm.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDirectly type the official FIFA website address (FIFA.com) into your browser to avoid clicking on potentially malicious links from ads or social media posts (Reference: FIFA official website).\u003c/li\u003e\n\u003cli\u003eClosely examine domain names for typosquatting attempts (e.g., extra characters, odd endings) before entering any information (Reference: ***fifa26[.]shop and ****26-fifa[.]com).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fake FIFA Website Registration Page\u003c/code\u003e to identify suspicious registration pages (Reference: rule).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fake FIFA Website Payment Page\u003c/code\u003e to identify suspicious payment pages (Reference: rule).\u003c/li\u003e\n\u003cli\u003eUse strong, unique passwords for all accounts and enable two-factor authentication to protect against credential reuse (Reference: Overview).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-23T06:09:19Z","date_published":"2026-05-23T06:09:19Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fake-fifa-sites/","summary":"Fake FIFA World Cup websites are impersonating official ticket and merchandise sales to steal money and personal data from soccer fans through deceptive registration and payment processes.","title":"Fake FIFA World Cup Websites Stealing Credentials and Funds","url":"https://feed.craftedsignal.io/briefs/2026-05-fake-fifa-sites/"}],"language":"en","title":"CraftedSignal Threat Feed — World Cup Tickets","version":"https://jsonfeed.org/version/1.1"}