FBI warns of fake FIFA websites running World Cup fraud schemes — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team ·
Severity: High | View Full Scam Details
🛡️ Want to check if you've received this scam?
Check This Scam on BharatSecure →2026 FIFA World Cup Scam in India: Beware of Fake FIFA Websites Phishing Fraud
Cybercriminals are exploiting the 2026 FIFA World Cup hype in India by creating fake FIFA websites to trick fans into revealing personal and financial details.
What Is the FBI Warns of Fake FIFA Websites Running World Cup Fraud Schemes?
As the 2026 FIFA World Cup approaches, cyber fraudsters are reportedly launching a phishing scheme posing as official FIFA websites. According to warnings from the FBI and cybersecurity bodies, these fake websites claim to offer tickets, merchandise, or exclusive promotions related to the World Cup. The main aim is to steal sensitive data such as bank details, UPI IDs, Aadhaar-linked information, and login credentials from unsuspecting fans in India.
While initially reported from the US, this phishing scam has seen an uptick in cases reported from India, especially through WhatsApp messages and social media advertisements targeting cricket and football lovers. Fraudsters are improvising by replicating official FIFA branding and offering deals with prices quoted in INR to lure Indian users. Several users have complained about unauthorized UPI payments and fraudulent transactions linked to these phishing attempts.
Indian authorities like CERT-In and the Indian Cyber Crime Coordination Centre (I4C) have issued public advisories to raise awareness, warning internet users not to trust suspicious World Cup-related URLs or offers. The Reserve Bank of India’s (RBI) customer education department also cautions users to verify the authenticity of websites before sharing financial information online.
How This Scam Works — Step by Step
Initial Contact via WhatsApp or Social Media: Victims receive messages containing links that claim to be official FIFA websites offering World Cup tickets, limited edition merchandise, or exclusive deals.
Clicking the Fake Website Link: The provided URL leads to a well-designed but fraudulent website mimicking official FIFA pages. The site asks users to register or log in by entering personal details including name, mobile number, Aadhaar number, and bank account or UPI information.
Phishing for Sensitive Data: The fake site may prompt users to enter OTPs or passwords supposedly for verification, but these details are captured by the attackers.
Malicious App or Payment Request: In some cases, victims are asked to download a fake “payment app” or scan QR codes that channel transactions to fraudsters’ accounts through UPI.
Unauthorized Payments and Account Compromise: Once financial credentials or OTPs are shared, attackers initiate unauthorized fund transfers, frequently using UPI, which is common in India and often difficult to reverse.
No Delivery of Tickets or Merchandise: Victims realize the fraud only when promised tickets never arrive, or transactions show up as debits on their bank statements.
Real Warning Signs to Watch For
- URLs that do not read fifa.com or trusted FIFA subdomains, instead have misspellings or unusual domain endings.
- Messages offering “secret” or limited-time World Cup tickets with prices much lower than official rates.
- Requests for Aadhaar numbers, full bank details, or OTP entries through unofficial channels.
- Urgency or pressure tactics demanding immediate payment via UPI QR codes or apps.
- Links received only through WhatsApp forwards or unverified social media accounts, rather than official FIFA or broadcaster channels.
- No SSL padlock icon or HTTPS on the website URL.
- Poor-quality website design or spelling mistakes in the content.
What Happens to Victims
Victims often suffer financial losses in INR ranging from a few hundred to several thousands or even lakhs, depending on the fraud scale. Since UPI payments can be instantaneous and irreversible in many cases without bank intervention, recovering funds can be challenging. The use of Aadhaar data in such scams can lead to further identity theft, including SIM swap frauds that magnify damage.
The emotional impact includes stress, anxiety, and loss of trust in online transactions. Many victims hesitate to report due to lack of awareness or fear of disclosing sensitive financial data. This makes them vulnerable to repeated attacks.
What RBI and CERT-In Say
The Reserve Bank of India advises customers to always verify payment requests through official banking or UPI apps and to never share passwords or OTPs. RBI recommends immediately reporting any unauthorized transaction to the bank and filing a complaint.
CERT-In emphasizes vigilance around phishing websites, urging Indians not to open links from unknown senders and to report suspected cyber fraud to the Indian Cyber Crime Coordination Centre (I4C) or at cybercrime.gov.in. Both agencies highlight the importance of using official websites only and caution against sharing Aadhaar details on unverified platforms.
The 1930 cybercrime helpline is also available nationwide to assist victims and guide them through complaint filing.
How to Protect Yourself
- Do not click links claiming to sell World Cup tickets unless verified through official FIFA or broadcaster websites.
- Check website URLs carefully—avoid those with spelling errors or unrecognized domains.
- Never share OTPs, passwords, or Aadhaar details on suspicious sites or via WhatsApp.
- Use trusted UPI apps directly rather than scanning QR codes from unknown sources.
- Install antivirus and keep your smartphone software updated to detect malicious apps.
- Verify offers independently by calling official customer support numbers.
- Report suspicious messages and websites at cybercrime.gov.in or through the 1930 helpline.
What to Do If You've Been Targeted
- Immediately contact your bank and block UPI transactions if unauthorized payments occur.
- Change all passwords and enable multi-factor authentication on your accounts.
- File a complaint on the Indian Government’s cybercrime portal cybercrime.gov.in.
- Lodge a report with local police cybercrime cells and provide all evidence such as messages and transaction receipts.
- Contact the 1930 cybercrime helpline for guidance on further steps.
- Inform your mobile operator if you suspect SIM swap fraud.
- Monitor your bank and Aadhaar-linked accounts closely for any unusual activity.
Frequently Asked Questions
Q: Can I get my money back if I pay on a fake FIFA site via UPI?
A: UPI transactions are usually immediate and final. You should report the fraud to your bank promptly and file a police complaint. The bank may help if the transaction is within the refund window, but recovery is not guaranteed.
Q: How can I verify if a FIFA website or offer is genuine?
A: Always check the URL carefully; official FIFA websites use domain names ending with fifa.com. Also, cross-check offers on official FIFA social media pages or reputable broadcasters authorized for World Cup content.
Q: What should I do if I receive a suspicious World Cup ticket offer on WhatsApp?
A: Do not click on any links or share any details. Forward the message to BharatSecure.app for verification, and report it on cybercrime.gov.in or call the 1930 helpline.
Stay alert during this football fever and protect your hard-earned money from falling prey to phishing frauds.
Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.
Related Scams in Our Database
- Lost over Rs 14cr to digital arrest scam: How an elderly NRI couple in Delhi was duped for weeks — Severity: CRITICAL
- Digital Arrest Scam — Severity: CRITICAL
- Nagpur Doctor Loses ₹2 Crore in Digital Arrest Scam — Severity: CRITICAL
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app.