- Thousands of fake FIFA domains are already waiting for desperate football fans
- Fraudsters cloned FIFA login system with near-perfect visual accuracy for credential theft
- Facebook ads lead victims directly into large-scale World Cup ticket scam
More than six million fans will fill stadiums in the United States, Canada and Mexico when the 2026 FIFA World Cup begins in June.
The sheer scale of demand for tickets created ideal conditions for sophisticated fraudulent operations.
Group-IB researchers say they have identified more than 4,300 fraudulent domains impersonating FIFA’s official web presence since August 2025, and some of these domains have remained dormant for almost a year, lying in wait for desperate fans.
The Ghost Stadium scam
A Chinese-speaking threat actor known as Ghost Stadium is at the center of this fraudulent ecosystem.
This financially motivated group built a pixel-perfect clone of the official FIFA website using a shared phishing kit.
The fake site replicates Ping Identity’s legitimate login flow with near-perfect accuracy.
Victims who access these pages see authentic branding downloaded directly from FIFA’s own content delivery network.
The system automatically switches between eleven languages depending on the visitor’s browser settings.
“Large sporting events attract fraud. Huge demand, limited tickets and the fear of missing your country’s match put pressure on fans to act quickly. Fraudsters know this,” said Yuan Huang, global head of fraud intelligence at Group-IB.
“We have identified more than 4,300 fraudulent domains impersonating the official FIFA web presence, ready to exploit fans looking for tickets, with some having been inactive since 2025.”
Facebook ads are the biggest trap for unsuspecting ticket seekers.
These ads feature dramatically reduced prices and countdown timers to create artificial urgency.
Clicking the ad takes visitors to a fake homepage with a prominent “BUY NOW” button.
Victims who already hold legitimate tickets are tricked into logging in and handing over their credentials directly to the attacker.
The fraudster then changes the account password, locks out the rightful owner, and resells the genuine tickets for profit.
New buyers without existing tickets face a different but equally destructive path.
They fill out a detailed payment form that captures their full name, address, phone number, and payment card details.
Scammers accept money through at least five separate channels, including direct card capture, peer-to-peer apps like Chime and Nequi, and even cryptocurrency conversion through Alchemy Pay. No tickets arrive after payment.
Ghost Stadium does not operate alone in this space. Four independent threat actors are simultaneously running six parallel fraud schemes.
These include fake streaming platforms demanding subscription fees, counterfeit merchandise storefronts targeting Latin American markets, and unlicensed betting sites that harvest passport scans for identity fraud.
More than 2,500 pairs of FIFA account IDs are already circulating on dark web markets at prices between $5 and $50 per pair.
How to stay safe
Financial losses due to premium ticket fraud alone are estimated between $71 million and $474 million.
The safest approach is to assume that any ticket offer outside official channels carries significant risk.
Check the correct spelling of the domain before entering credentials. The official website is fifa.com without hyphens or alternative endings.
Immediately enable multi-factor authentication on your FIFA account and change your password if you haven’t done so recently.
Do not click on ticket ads appearing on Facebook, Instagram or Telegram, no matter how attractive the discount may be.
Taking an extra moment to check before purchasing can prevent significant financial and personal damage.
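The domain check described above can also be automated when triaging links from mail or proxy logs. The following Python is an added example, not from the article or Group-IB; the digit fold, function names and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

OFFICIAL = "fifa.com"  # the official site named in the article
BRAND = "fifa"
# Assumed fold: drop hyphens and map common digit-for-letter swaps.
FOLD = str.maketrans({"-": None, "1": "i", "4": "a"})

def split_host(url: str) -> tuple[str, str]:
    """Return (host, netloc) for a URL or bare hostname, lower-cased."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url          # let urlsplit treat a bare host as a netloc
    try:
        parts = urlsplit(url)
    except ValueError:            # malformed authority, e.g. bad IPv6 brackets
        return "", ""
    return (parts.hostname or "").rstrip("."), parts.netloc.lower()

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated'."""
    host, netloc = split_host(url)
    # Exact match or a true subdomain only; "notfifa.com" must not pass.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand string anywhere in the authority of a host that is not
    # fifa.com: hyphenated names, other endings, "fifa.com" used as a
    # subdomain prefix, or "fifa.com" placed before an "@".
    if BRAND in netloc.translate(FOLD):
        return "lookalike"
    return "unrelated"

# Constructed samples; the non-official ones use reserved test names.
SAMPLES = [
    "https://www.fifa.com/en/tickets",
    "FIFA.COM.",
    "fifa-worldcup.test",
    "https://fifa.com.tickets.example/login",
    "https://f1fa-tickets.example/",
    "https://fifa.com@login.example/",
    "https://news.example/sport",
]

def triage(urls):
    """Map each URL to its classification."""
    return {u: classify(u) for u in urls}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

Substring matching over-flags names such as wififast.example, so treat a 'lookalike' result as a triage signal for review, not a verdict.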