FBI and LA Sheriff Warn FIFA World Cup Fans Over Fake Tickets and Crypto Scams

Two US law enforcement agencies have issued back-to-back warnings about fraud targeting fans ahead of the 2026 FIFA World Cup, which kicks off on 11 June across Canada, Mexico, and the United States. The FBI Cyber Division and the Los Angeles County Sheriff’s Department both flagged a surge in fake websites, fraudulent ticket sales, and crypto-linked scams designed to steal personal and financial information from football supporters.

FBI Identifies 36 Fake FIFA Domains as Typosquatting Campaigns Scale Up

The FBI’s Internet Crime Complaint Center has identified at least 36 fraudulent domains spoofing FIFA’s official website, with further fake domains expected to emerge throughout the tournament. The fake sites use typo squatting, a technique involving registering addresses that differ from fifa.com by a single letter, extra word, or alternate domain suffix, combined with cloned branding and, in some cases, full replicas of FIFA’s single sign-on authentication flow.

Cybersecurity firm Check Point Research recorded 9,741 new domains carrying FIFA or World Cup keywords in April 2026 alone, more than four times the February figure and over five times the peak seen during Qatar 2022. By early May, one in every 41 of those domains was already confirmed to be suspicious or malicious. Group-IB separately identified one sophisticated operator running a pixel-perfect FIFA replica across more than 300 domains in 11 languages. Shufti’s breakdown of the FIFA 2026 fake ticket and platform fraud landscape covers how this domain infrastructure feeds downstream fraud across payments and identity verification platforms.

The LA County Sheriff’s Department warned fans to avoid clicking sponsored search results, social media posts, or messaging app links, and to type www.fifa.com directly into their browser. The department also flagged fake hospitality packages, counterfeit merchandise, fraudulent streaming services, and bogus betting promotions as active scam vectors, noting that requests for payment via cryptocurrency, wire transfer, peer-to-peer apps, or gift cards are clear indicators of fraud, as such payments cannot be reversed.

World Cup Fraud Extends Well Beyond Fans to Platforms and Operators

The fraud window created by a tournament of this scale reaches beyond individual fans. Platforms processing payments, handling ticket transactions, or operating in adjacent markets face a coordinated surge in account takeover attempts, identity fraud, and synthetic account creation as criminals exploit elevated traffic and reduced scrutiny.

For iGaming and sports betting operators, the compliance exposure runs deeper than fraud prevention alone. FIFA 2026 spans three host nation jurisdictions, each with distinct AML frameworks. FinCEN requires US sportsbooks to file SARs on suspicious activity at $5,000 and above, while the UKGC carried out 9,700 compliance actions in 2024/25. Shufti’s guide to sports betting AML for FIFA 2026 covers the transaction monitoring and PEP screening controls operators need before tournament volumes peak. For broader platform fraud defence, Shufti’s iGaming fraud prevention guide covers the detection stack needed to handle tournament-scale abuse campaigns without creating friction for legitimate players.

Shufti’s fraud prevention solutions support real-time identity verification, document authentication, and AML screening across 235+ countries, helping platforms verify who is on the other side of a transaction before funds move. Request a demo to assess readiness ahead of the tournament window