La Jornada: The scam World Cup began: fake FIFA sites identified

The 2026 World Cup hasn’t started yet and cybercriminals have already come out to warm up. While millions of fans look for tickets, book accommodation or try to buy t-shirts for their favorite teams, another game is being played behind the screens: that of digital fraud. The cybersecurity firm Eset has already detected at least five sites that impersonate FIFA in order to steal personal data, banking information and money from users attracted by World Cup fever.

The new field of fraud no longer resembles those pages full of spelling errors and suspicious windows. Today apocryphal sites almost completely replicate the design, colors and browsing experience of official platforms.

At first glance they appear legitimate: they display match tickets, official merchandise, special promotions and FIFA ID registrations. It’s all part of a strategy designed to build trust and get victims to let their guard down just as tournament excitement begins to soar.

Eset’s investigation found pages with addresses such as fifa26.shop or 26-fifa.com, which use a technique known as typosquattingconsisting of copying official domains and making modifications that are almost imperceptible to the average user.

In some cases, it is enough to change a letter, add a hyphen or use extensions such as .shop, .store or .site to build a facade.

But the real risk is not just in the appearance of the pages, but in the logic behind them. Cybercriminals understood that anxiety also works in their favor.

For Eset, the pressure to get tickets, the fear of being left out and the promise of VIP access, last tickets or exclusive discounts work as baits capable of triggering impulsive decisions. In massive events like the World Cup, where millions of people compete for accommodation, flights and tickets, urgency becomes a perfect ally for the phishing (technique used to steal personal or banking information through fake sites or deceptive messages).

The company explained that many of these pages appear as sponsored ads in search engines, social networks or messaging applications, right in the spaces where fans spend hours looking for information related to the tournament and long to be part of the experience every four years.

Fraud no longer hides in dark corners of the Internet: it now appears mixed between promotions, advertising and apparently legitimate content.

How does it work?

The mechanics are usually simple. First appears the promise of tickets or official merchandise; then the supposed registration appears to create an account or access the purchase; Finally, the page requests personal information, emails, telephone numbers and bank cards.

The problem is that many people use the same passwords in different services, so providing credentials on a fake page can open the door to emails, banking applications or social networks.

Specialists consider that the phenomenon stopped being a set of isolated scams and evolved into organized campaigns capable of operating on a large scale. The actors behind these sites register multiple variants of the same page to keep the operation active even when some domains are taken down.

It is a logic very similar to that of an underground network that constantly changes shirts to stay in the game.

“Fake sites are no longer rudimentary, improvised or easy to detect pages: today they replicate complete designs, user experiences and purchase flows to appear legitimate and reduce victims’ suspicions,” said Mario Micucci, computer security researcher at Eset Latin America.

FIFA itself recognized the risks of purchasing tickets outside of its official channels. The organization recalled that tickets are only sold through its authorized site and maintained that tickets purchased on unofficial platforms, social networks or resale systems may be fake or rejected upon entering the stadiums.

Just days before Mexico becomes one of the most visible venues of the tournament, the World Cup has already begun for scammers, and while millions of fans dream of being in the stands, others are fine-tuning strategies to turn that excitement into an opportunity to steal, so people must be attentive and ready to get the red card.