What to do if I shared my OTP in a phishing scam?

Immediately report the incident to your bank's helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161) and change your passwords.

How do I identify a scam website related to the FIFA World Cup?

Check the website URL for variations from the official FIFA site and ensure it uses HTTPS. Look for official contact details.

How do I report this type of scam in India?

You can report cybercrime incidents at cybercrime.gov.in or call the helpline at 1930 to file your complaint.

What are the steps to recover money after this scam?

Contact your bank immediately for assistance, request a chargeback if payments were made, and file a report with cybercrime authorities.

Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: phishing

How Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup Works

Cybercriminals are creating fake FIFA websites to trick users, likely in anticipation of the 2026 World Cup. These spoofed sites could be used for various malicious activities, including phishing or distributing malware.

How This Scam Works — Detailed Explanation

In the lead-up to significant global events like the 2026 FIFA World Cup, scammers often leverage public excitement to implement phishing schemes. These threat actors create counterfeit FIFA websites that mimic the official ones. Victims primarily find these fake sites via social media platforms like WhatsApp or through suspicious emails claiming to offer exclusive tickets or merchandise related to the World Cup. Many users, eager to seize what appears to be a limited-time offer, click these links without verifying their authenticity. Targeted campaigns are often directed at sports fans who are actively seeking information, tickets, or merchandise related to the event, making them easy prey for the scammers.

The psychological tricks employed by these cybercriminals are based on urgency and exclusivity. By claiming limited availability for tickets or special promotional offers, they increase the likelihood that victims will rush into providing personal information without a proper assessment of the site. Often, these sites may also feature testimonials, graphics, and logos that closely mimic those found on legitimate FIFA websites. Additionally, they may use familiar phrases and terms associated with FIFA communications, causing users to let their guard down. As users visit these sites, they are prompted to enter sensitive information such as Aadhaar numbers, bank details, or UPI IDs, believing they are merely completing a ticket or merchandise purchase.

Once victims unwittingly submit their details, scammers can exploit the information in various harmful ways. For instance, a user might enter their bank details under the guise of purchasing World Cup tickets. The scammer could then initiate transactions on behalf of the victim using UPI payments, leading to a significant financial loss. Reports have shown that in similar phishing incidents, individuals in India have lost crores in a matter of hours. Victims may find unauthorized transactions on their bank statements or receive alerts about changes to their personal information, such as Aadhaar. Unfortunately, many do not recognize that they have been scammed until substantial damage has been done, often compounded by the emotional distress of having been tricked.

The financial impact of such scams is significant in India. The Ministry of Home Affairs (MHA) reported that a majority of cybercrime falls under financial fraud, with phishing being one of the most prevalent types. According to CERT-In, last year alone, nearly ₹3,000 crore was reported lost due to various scams, with a substantial portion linked to phishing schemes like the current FIFA website spoofing. The RBI and NPCI have issued advisories warning users about increasing incidents of online fraud, urging individuals to be vigilant. Scammers exploit public events for mass exploitation, and many unsuspecting fans are left reeling from their losses.

Identifying these scams requires keen awareness. Legitimate FIFA communications are typically through their verified social media handles or website. They will never ask for sensitive information, such as Aadhaar numbers or bank details, through unsolicited messages or links. Moreover, users should always check the URL of the site to ensure it matches the official FIFA website closely, looking for HTTPS security certifications. Scammers often make slight alterations to domain names to mislead users. If an email seems suspicious, it's wise to visit official channels directly instead of clicking links provided within the email. Always prioritize safety and legitimacy over urgency.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup Target?

General public across India

Red Flags — How to Identify Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup

FIFA
World Cup
website spoofing
phishing
cybercrime

What To Do If You Encounter Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup

Report the incident immediately at cybercrime.gov.in or call the cybercrime helpline at 1930.
Monitor your bank statements closely for unauthorized transactions and report them to your bank.
Change your passwords for online banking and email accounts to prevent further access.
Enable two-factor authentication on important accounts to add an extra layer of security.
Educate friends and family about this kind of scam to prevent them from becoming victims.
Be cautious about sharing your personal information, especially during high-stakes events like the World Cup.

How to Report Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a phishing scam?: Immediately report the incident to your bank's helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161) and change your passwords.
How do I identify a scam website related to the FIFA World Cup?: Check the website URL for variations from the official FIFA site and ensure it uses HTTPS. Look for official contact details.
How do I report this type of scam in India?: You can report cybercrime incidents at cybercrime.gov.in or call the helpline at 1930 to file your complaint.
What are the steps to recover money after this scam?: Contact your bank immediately for assistance, request a chargeback if payments were made, and file a report with cybercrime authorities.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.