Security researchers have uncovered an alarming surge in domain registrations that appear to be pre‑planning a cyber campaign targeting the 2026 FIFA World Cup. The domains, many of which masquerade as legitimate ticketing sites or merchandise outlets, were registered months – even years – ahead of the event.
How the plan unfolds
The attackers are exploiting the high‑profile nature of the tournament by creating fake websites that look convincing. "They use official logos and local languages to appear trustworthy," says Tushar Subhra Dutta, a researcher at CyberSecurityNews.com.
Numbers behind the threat
Analysts identified over 498 suspicious domains containing keywords such as “fifa,” “worldcup,” or host‑city names. Registrations peaked in August 2025, with many domains registered through popular registrars like GoDaddy and Namecheap, and using low‑friction top‑level domains such as .online and .shop.
What’s at stake
Visitors to these fake sites may unknowingly download malware or have their credentials stolen. The attackers plan to use the data for financial fraud or to launch further attacks on FIFA’s infrastructure.
"These domains are distributed across top registrars including GoDaddy.com and Namecheap, as well as low‑friction TLDs like .online and .shop," reads an analyst report.
Defence measures
FIFA’s security team has increased monitoring of domain registrations and is working with registrars to flag suspicious activity. Fans are advised to verify ticket purchases through official channels only.