Threat actors are conducting phishing campaigns targeting FIFA World Cup 2026 fans by deploying fake FIFA-themed domains and mobile-optimized phishing infrastructure. These sites impersonate official FIFA ticketing services to collect personal and payment information. The campaigns use third-party payment services such as KOIpay and EBpay, with JavaScript redirects to external payment gateways and online gambling platforms. The harvested data enables attackers to perform fraudulent account creation, credential stuffing, email account takeovers, and unauthorized financial transactions. This operation is part of a larger fraud ecosystem exploiting the tournament's popularity.

Victims risk theft of personal and payment information, leading to fraudulent account creation, credential stuffing attacks, email account takeovers, and unauthorized financial access. The phishing infrastructure also exposes users to redirection to online gambling platforms, potentially causing further financial harm. The overall impact is financial fraud and identity compromise for targeted individuals.

No official patch or fix is applicable as this is a phishing campaign exploiting social engineering. Users should be advised to only use official FIFA channels for ticket purchases and tournament information. Organizations and individuals should educate users about phishing risks, verify URLs carefully, and avoid providing personal or payment information on suspicious sites. Monitoring for and takedown of fraudulent domains by relevant authorities can help reduce exposure.