World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
Threat intelligence analysis reveals a significant surge in phishing campaigns exploiting the FIFA World Cup 2026, specifically targeting mobile users. Three distinct attack campaigns have been identified: The first deploys typosquatting and institutional spoofing through fake domains to trap ticket buyers. The second mimics major sports retailers like Nike and Adidas, hiding infrastructure behind Cloudflare for credential harvesting. The third exploits tournament hiring opportunities through sophisticated recruitment fraud, implementing an Adversary-in-the-Middle platform targeting corporate Google Workspace accounts with MFA bypass capabilities. These campaigns leverage SMS, WhatsApp, and search engines to exploit emotional urgency and ticket scarcity, creating enterprise security risks as employees use personal devices for work access.
Indicators of Compromise
- domain: fifa-tickets.vip
- domain: fifa-hiring.com
- domain: fifa-hr.com
- hash: ec7b0bc82c00464d8e0a59bc19c585e2
- domain: fifa-careerpath.com
- domain: fifajobs.com
World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
Description
Threat intelligence analysis reveals a significant surge in phishing campaigns exploiting the FIFA World Cup 2026, specifically targeting mobile users. Three distinct attack campaigns have been identified: The first deploys typosquatting and institutional spoofing through fake domains to trap ticket buyers. The second mimics major sports retailers like Nike and Adidas, hiding infrastructure behind Cloudflare for credential harvesting. The third exploits tournament hiring opportunities through sophisticated recruitment fraud, implementing an Adversary-in-the-Middle platform targeting corporate Google Workspace accounts with MFA bypass capabilities. These campaigns leverage SMS, WhatsApp, and search engines to exploit emotional urgency and ticket scarcity, creating enterprise security risks as employees use personal devices for work access.
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://zimperium.com/blog/world-cup-2026-mobile-targeted-phishing-the-global-social-engineering-threat"]
- Adversary
- null
- Pulse Id
- 6a2b24120e38cab4c6d62f51
- Threat Score
- null
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainfifa-tickets.vip | — | |
domainfifa-hiring.com | — | |
domainfifa-hr.com | — | |
domainfifa-careerpath.com | — | |
domainfifajobs.com | — |
Hash
| Value | Description | Copy |
|---|---|---|
hashec7b0bc82c00464d8e0a59bc19c585e2 | — |
Threat ID: 6a304f4a0b89be68887ea712
Added to database: 6/15/2026, 7:15:22 PM
Last updated: 6/15/2026, 7:15:33 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.