Four days out from the World Cup kick-off, the scams are already in full swing. Security researchers have counted more than 4,300 fake FIFA domains registered since August 2025, including a 300-site phishing operation that clones the real fifa.com login page and hotlinks images from FIFA's own servers, so the fakes look identical to the genuine page, as reported by The Hacker News. The FBI's advisory lists dozens of lookalike domains and says more are coming.
Who’s affected
Anyone hunting tickets, streams or merch — which from next weekend includes a lot of Australians, with the Socceroos playing Türkiye at 5am AEST on Sunday 14 June. The nastier end of the campaign hides banking malware inside pirate streaming apps that overlay fake bank login screens and intercept one-time passcodes. And because people do their ticket hunting on the same devices they use for work email, one stolen login can become a business problem before lunch.
What to do
Type fifa.com directly into the address bar and skip sponsored search results; a sponsored result or a link in an email is exactly where a lookalike domain gets slipped in. Every match is free on SBS and SBS On Demand, so nobody needs a sideloaded streaming app, on a personal phone or a work one. FIFA's official ticketing never takes cryptocurrency, so any seller asking for it is a scam. Turn on multi-factor authentication, and where a service offers a passkey or security key, prefer it over SMS codes: the banking malware described above works by capturing one-time passcodes, whereas a passkey is bound to the real site's origin and cannot be phished by a clone. Then send a two-line warning to your team this week; it's cheaper than the cleanup.
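The advice above comes down to one check: is the host you are about to log into really fifa.com? The following is an added example, not code from the original post and not tooling from FIFA, the FBI or The Hacker News, that runs that check over a constructed list of links of the kinds the reporting describes: genuine fifa.com links, homoglyph domains (in both Unicode and punycode form), fifa.com stuffed in as a subdomain of some other domain, one-character typos, and brand-plus-word combinations. The link list, the confusable-character table and the tiny public-suffix set are assumptions made for illustration; a production version would use the full public suffix list and the Unicode confusables data.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = "fifa.com"

# Constructed sample, e.g. links pulled from a proxy log or an email. Not real campaign data.
SAMPLE_LINKS = [
    "https://www.fifa.com/tickets",                    # genuine
    "https://fifа.com/login",                          # Cyrillic 'а' (U+0430) in place of Latin 'a'
    "xn--fif-8cd.com",                                 # punycode form of the line above
    "https://fifa.com.tickets-login.example/auth",     # fifa.com as a subdomain of another domain
    "flfa.com",                                        # one-character typo
    "fifa-tickets.example",                            # brand plus a word
    "https://www.sbs.com.au/ondemand",                 # unrelated, legitimate
]

# Small, illustrative confusable map (assumption). Real checks use the Unicode confusables table.
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",  # Cyrillic
    "і": "i", "ј": "j", "ѕ": "s",                                          # Cyrillic
    "ο": "o", "α": "a", "ν": "v",                                          # Greek
    "0": "o", "1": "l", "3": "e", "5": "s",                                # digits
    "ı": "i",                                                              # dotless i
}

# Tiny stand-in for the public suffix list (assumption).
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk", "co.nz"}


def hostname(url_or_host: str) -> str:
    """Extract a lower-cased hostname from a URL or bare host (port and path dropped)."""
    if "://" not in url_or_host:
        url_or_host = "//" + url_or_host
    host = urlsplit(url_or_host).hostname
    if not host:
        raise ValueError(f"no hostname in {url_or_host!r}")
    return host


def decode_punycode(host: str) -> str:
    """Turn xn-- labels back into Unicode so homoglyphs can be seen."""
    out = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: leave as-is rather than crash
        out.append(label)
    return ".".join(out)


def fold_confusables(text: str) -> str:
    """NFKC-normalise, then map look-alike characters onto their Latin equivalents."""
    text = unicodedata.normalize("NFKC", text)
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def registrable_domain(host: str) -> str:
    """Registrable domain: last two labels, or three under a two-label suffix like com.au."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url_or_host: str, trusted: str = TRUSTED) -> str:
    """Return one of: trusted, homoglyph, subdomain-squat, typosquat, combosquat, unrelated."""
    host = decode_punycode(hostname(url_or_host))
    reg = registrable_domain(host)
    if reg == trusted:                       # exact ASCII match only
        return "trusted"
    folded_host = fold_confusables(host)
    folded_reg = fold_confusables(reg)
    if folded_reg == trusted:                # looks like fifa.com once confusables are folded
        return "homoglyph"
    trusted_labels = trusted.split(".")
    if folded_host.split(".")[: len(trusted_labels)] == trusted_labels:
        return "subdomain-squat"             # fifa.com.<something-else>
    brand = trusted_labels[0]
    sld = folded_reg.split(".")[0]
    if levenshtein(sld, brand) <= 1:
        return "typosquat"
    if brand in sld:
        return "combosquat"
    return "unrelated"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):16} {link}")
```

Anything other than "trusted" or "unrelated" is worth a block at the proxy or a warning to the person who clicked; the check is cheap enough to run over a day's DNS or proxy logs as well as over inbound mail.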
If your staff haven’t seen a phishing lure like this before, they will soon. Our security awareness training runs simulations built on exactly these tricks.
