A report by CloudSEK has uncovered around 40 fake FIFA World Cup 2026 ticketing websites run by a cybercrime network of about 15 operators. The scam uses cloned ticket portals, real-time phishing, card skimming, and OTP interception to steal payment data. Social media drives traffic, with victims reported across multiple countries, indicating a large-scale global fraud operation.

New Delhi: At least 40 fake FIFA World Cup 2026 ticketing websites linked to a fraud network involving 15 active cybercriminal operators have been identified, according to a report released on Friday.

The report by cybersecurity firm CloudSEK said the operation goes beyond traditional phishing scams and uses cloned FIFA ticketing platforms, real-time card skimming and potential OTP interception capabilities to steal payment information from unsuspecting users.

The fraudulent websites closely mimic legitimate FIFA ticketing portals, featuring official-looking branding, match schedules, stadium information, shopping carts, payment gateways and secure checkout messages designed to gain users' trust, it said.

The campaign functions as a real-time man-in-the-middle phishing framework capable of tracking a victim's checkout process, capturing card details including card numbers, expiry dates and CVV information, and potentially relaying one-time passwords (OTPs) to bypass SMS-based authentication.