The Federal Bureau of Investigation has issued a public warning to soccer enthusiasts about a surge in counterfeit FIFA websites that are appearing ahead of the 2026 World Cup. These sites are designed to look authentic but are operated by cybercriminals seeking to harvest login credentials and personal data.
The scope of the fraud
Scammers register domain names that closely resemble the official FIFA address, often adding country‑specific extensions or subtle misspellings. Recent examples include fifa.cab, fifa.pink and fifa.blue, which redirect visitors to pages that solicit personal details and sell fake match tickets.
Once a visitor enters information, the site can be used to open fraudulent accounts, harvest financial data and launch further attacks against the victim’s online presence. The stolen data may also be sold on underground markets, amplifying the potential for identity theft.
How to stay safe
The FBI advises fans to type the official address directly into their browser rather than clicking on links, to verify the presence of a valid SSL certificate, and to be wary of low‑quality graphics or poor spelling. Using bookmarked pages and avoiding sponsored advertisements can further reduce exposure to malicious sites.
World Cup host cities
The 2026 tournament will be staged across three nations, with matches scheduled in venues such as Seattle, Washington, as well as other locations throughout the United States, Canada and Mexico. Fans traveling to these cities should remain vigilant about online threats, especially as the event draws nearer.