HackRead

FIFA World Cup 2026: Hackers Target Football Fans With Fake Tickets Sites


With the FIFA World Cup 2026 matches in full swing, cybercriminals are targeting fans with various scams to capitalize on the tournament’s popularity, security researchers warn. Multiple scam networks have been discovered by security firms so far. These networks are designed to steal funds and personal details from people looking for tickets, hotels, and betting options.

Security researcher Prashant Kumar and his team at Forcepoint X-Labs recently tracked these threats. In a statement shared with Hackread.com, Kumar said, “I have looked for FIFA-themed phishing/malicious campaigns and observed a large, active, multi-variant phishing and fraud campaign abusing the FIFA World Cup 2026 brand.”

The team found three main scam types spread across more than 100 fake web links. The largest operation tricks fans into using illegal gambling platforms tied to ongoing matches through fake links like cn-web-fifacwc.com and zone-2026fifa.com.

Although these sites feature Chinese-language text, they include custom versions tailored for international audiences in France, Africa, and Asia. Visitors are lured with promises of guaranteed rewards for placing bets on current games, but are instead redirected to credential-stealing pages.

Another active part of the scam uses 14 fake hotel booking networks customized for tournament cities like Dallas, Miami, and New York. Following the format “fifaworldcup2026cityhotels.com”, these pages were all registered within 32 minutes of each other to steal credit card details from travellers looking for last-minute rooms between fixtures. The hackers even cloned the real FIFA website structure under the web link fifa.monster to secretly track visitors and target them with follow-up spam advertisements.

Stealing bank codes

Other cybersecurity firms like CloudSEK and Netcraft found that these operations are highly organised. CloudSEK traced the main setup to threat actors in China who use an unauthorised payment control panel called tbpay.uk. To make the pages seem real, the hackers even embed a legitimate live chat service called tawk.to to talk to targets.

worldcup2026ticket.shop (Source: Netcraft)

As fans rush to secure seats for upcoming matches, these scammers are using realistic online checkout pages on links like ww-fifa.com. They do not just take card numbers for future use. Instead, they use a live setup to watch what the victim does on the page in real time.

Fake Ticket Shopping Cart (Source: CloudSEK)

When the bank sends a text message with a security code, called a one-time password or OTP, the scammers catch it as it is typed. This lets them evade the bank’s security check and hijack the victim’s account completely.

Forcepoint confirmed it is actively blocking the identified fake sites and their shared backend systems, while constantly writing new rules to stop the lookalike web links that scammers are creating every day during the tournament.
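The hotel-domain pattern described above (one naming format, all registered within 32 minutes of each other) can be turned into a triage check over newly registered domains. The following Python is an added example, not code from Forcepoint, CloudSEK or Netcraft; the brand tokens, the allow-list, the `.example` domains and all timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

BRAND_TOKENS = ("fifa", "worldcup")  # assumption: tokens chosen for this example
OFFICIAL = {"fifa.com"}              # assumption: allow-list of the brand's own domains


def is_brand_lookalike(domain):
    """True if the host carries a brand token but is not an allow-listed domain."""
    host = domain.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return False
    # Drop hyphens so "world-cup" style spellings still match a token.
    return any(tok in host.replace("-", "") for tok in BRAND_TOKENS)


def registration_bursts(records, window=timedelta(minutes=32), min_size=3):
    """Group lookalike domains registered within `window` of the first in the group.

    records: iterable of (domain, registration datetime) pairs.
    Returns a list of domain lists, one per burst of at least `min_size` domains.
    """
    hits = sorted((ts, d) for d, ts in records if is_brand_lookalike(d))
    bursts, current = [], []
    for ts, d in hits:
        # Close the current group once this registration falls outside its window.
        if current and ts - current[0][0] > window:
            if len(current) >= min_size:
                bursts.append([name for _, name in current])
            current = []
        current.append((ts, d))
    if len(current) >= min_size:
        bursts.append([name for _, name in current])
    return bursts


def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample feed: none of these domains or times come from the article.
SAMPLE = [
    ("fifaworldcup2026dallashotels.example", _t("2026-01-10 09:00")),
    ("fifaworldcup2026miamihotels.example", _t("2026-01-10 09:11")),
    ("fifaworldcup2026newyorkhotels.example", _t("2026-01-10 09:31")),
    ("worldcup-fan-blog.example", _t("2026-02-02 14:00")),  # token match, but isolated
    ("www.fifa.com", _t("2026-01-10 09:05")),               # allow-listed
    ("city-hotels.example", _t("2026-01-10 09:15")),        # no brand token
]

if __name__ == "__main__":
    for burst in registration_bursts(SAMPLE):
        print("registration burst:", ", ".join(burst))
```

A brand token on its own is only a triage signal, since fan sites use the same words; the burst of near-simultaneous registrations is what separates a coordinated batch from an isolated match.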




