Authorities and security experts have issued warnings that scammers are taking advantage of World Cup fever by setting up fake websites and impersonating official FIFA channels to sell phantom tickets and bogus merchandise.
Last week, the FBI alerted the public to three dozen websites — with domains such as “fifa-ticket.live” and “fifaworldcup26.sale” — that pose as the real fifa.com to steal personal information or sell fake tickets and products.
The fakery is well done, reports the cybersecurity publication The Hacker News. Some scam operations “offer near-perfect copies of fifa.com … [and loads] images straight from FIFA’s own servers, so the page looks authentic and slips past tools that flag copied images.”
These malicious actors are seeking to take advantage of soccer fans desperate to find bargains outside official channels and cybersecurity firms warn that the scams number in the thousands.
There are simple ways to avoid the scams:
- Buy only through fifa.com.
- Type the address in yourself.
- Don’t trust ads or search results.
- Switch on multi-factor login.
- Treat any seller who wants payment in cryptocurrency as a scam. (FIFA’s ticketing never asks for crypto.)
Security experts say the FBI warning only scratches the surface of the deceptive practices.
Singapore-based cybersecurity firm Group-IB identified more than 4,300 fraudulent domains registered since August that pose as being FIFA-affiliated and estimates that losses from fraud could add up to billions of dollars.
Social media is also riddled with scams. There are football-themed ad campaigns on Facebook and Instagram promoting counterfeit kits, fake Panini stickers and phishing pages.
Cybersecurity group Fortinet counted over 1,700 spoofed FIFA accounts, almost all of them on Facebook and Instagram. It also warned of fake FIFA job ads and calendar invites to send applicants to a lookalike Google login.
Another cybersecurity company, Bitdefender, said it found 55 soccer-related scam ad campaigns on Meta platforms. Among the flagged items were promotions for phony collectibles and merchandise.
Meta has reportedly started deploying pop-up warnings when Facebook users search for tickets. The tech company says it recently dismantled spoofed FIFA sites that were promoting “fake gambling content” which could have been used to collect passport scans and selfies for identity theft.
The Hacker News also warned of counterfeit merchandise shops and bogus streaming sites that request subscription fees only to install malware, which gives the attacker control.
Host-city Wi-Fi is also a potential problem. A recent study of wireless networks in Mexico City, Monterrey and Guadalajara revealed that the infrastructure continues to present multiple forms of operational exposure, posing serious digital exposure risks for users.
With reports from La Jornada, Agence France-Presse, The Hacker News and Reforma
