This article discusses a scam that impersonates FIFA and its official hospitality partner, On Location. Neither FIFA, On Location, Stripe, nor their services are involved in the scam, and this article should not be interpreted to state or imply any wrongdoing on their part.

The excitement around FIFA World Cup 2026 is real, and cybercriminals are counting on it. With millions of fans searching for once-in-a-lifetime hospitality packages, scammers have built convincing fake versions of the official FIFA ticketing and hospitality site. TrendLife researchers have identified one of these operations actively targeting fans. Here’s what it looks like and how to spot it before entering any personal or payment information.

How this scam works

Cybercriminals created a near-perfect replica of the official FIFA On Location hospitality portal, the legitimate site where fans purchase premium World Cup packages. The fake site copies the real site’s branding, layout, team badges, and even links to actual FIFA legal documents to appear credible. It also has Google Translate built in, so it automatically adapts to any language, putting fans anywhere in the world within reach.

The site also presents a login page before you can browse for any packages. It asks for an email address and password, mimicking a genuine FIFA account sign-in. In reality, the site has no connection to FIFA’s account system. Any credentials entered go directly to the criminals, and the site allows anyone through regardless of what is provided.

When someone browses the fake site and proceeds to checkout, a carefully engineered sequence of events begins:

1. You enter your card details on what looks like a legitimate checkout page.
   
   
2. Cybercriminals receive your card data in real time.
   
   
3. They immediately attempt a real transaction elsewhere using your stolen card details.
   
   
4. Your bank sends a verification code by text message as a security step.
   
   
5. The fake checkout page prompts you to enter that code, making it appear to be a normal part of the purchase process.
   
   
6. Cybercriminals capture the code in real time and use it to complete the unauthorized transaction.
   
   
7. You receive a fake order confirmation page, leaving you with no reason to suspect anything went wrong.

The entire flow is designed to look and feel like a normal online purchase from start to finish.

What the fake site looks like

The criminals behind this scam put real effort into making the fake site convincing. It loads actual video content and assets from legitimate FIFA and On Location servers. It links to real FIFA social media accounts. It mimics an account login system and displays authentic-looking legal documents.

The URL, however, tells a different story. The official FIFA hospitality portal is accessible through fifa.com. The fake site uses a domain ending in .shop, a small but critical difference that’s easy to miss when you’re excited about securing tickets.

The FBI’s Internet Crime Complaint Center has issued a public warning (PSA I-052726-PSA, May 2026) about cybercriminals spoofing FIFA websites ahead of the tournament, naming related fake domains as part of the same pattern.

Red flags to watch for

Cybercriminals design these sites to be convincing, and even experienced internet users can encounter them. Here’s what to look for:

• Wrong domain. The official FIFA hospitality site is accessible through fifa.com. Any site on a .shop, .store, .net, or similar domain claiming to sell FIFA hospitality packages is not the real site. Check the full URL before entering anything.
  
  
• Checkout redirects to a different site. On the real hospitality portal, payment stays within the same trusted domain or routes through a recognized payment processor. If clicking “checkout” takes you to a completely different website, stop.
  
  
• Unfamiliar payment gateway. Legitimate FIFA hospitality uses established payment processors. If the payment page is on a domain you don’t recognize, that’s a serious warning sign.
  
  
• A verification code prompt during checkout. If a site asks you to enter a code that just arrived by text from your bank, contact your bank directly before entering anything. Cybercriminals use this step to authorize transactions on your behalf in real time.
  
  
• Familiar payment logos that don’t match the checkout experience. Scammers may display recognized payment brand logos to appear trustworthy, without those processors actually being involved. If the checkout page feels off or inconsistent with how you normally pay online, trust that instinct.

Simple steps to stay protected

• Go directly to the official site. Navigate to fifa.com and find the hospitality portal from there. Avoid clicking links in emails, social media posts, or messages, even if they look official.
  
  
• Check the full URL before entering any information. Look for the complete domain, not just a logo or familiar-looking page. Official FIFA properties are under fifa.com.
  
  
• Stop if checkout leaves the original site. If the payment step redirects you to a different domain, close the browser tab and do not proceed.
  
  
• Contact your bank immediately if you entered card details. If you’ve already provided payment information on a site you’re now unsure about, call the number on the back of your card right away. Your bank can block the card and help you take next steps.
  
  
• Use TrendLife ScamCheck. ScamCheck can help you verify whether a link or website is legitimate before you share any personal or payment information.

What this operation tells us

TrendLife researchers who documented this site found something worth naming beyond the scam itself. This is not a static data collection page that stores card details for later use. It is a live operation: an operator actively monitoring each checkout session in real time, waiting for the bank verification code to arrive, and using it immediately to complete a transaction elsewhere. That entire operation was built using a no-code website builder, assets hotlinked directly from legitimate FIFA and On Location servers, and automatic translation to reach fans in any language.

The infrastructure required to run a real-time card interception campaign is far more accessible than most people assume, and major global events will continue to attract exactly this kind of investment. Knowing how these operations work is the first step to recognizing them.

You’ve got this

Cybercriminals target major events like the World Cup precisely because the excitement is real and the stakes feel high. These fake sites are built by skilled operators who know how to make deception look convincing, so encountering one doesn’t reflect on you. What matters is knowing what to look for. Verify the domain, watch for payment redirects, and when something feels off, trust that instinct and check before proceeding. The real World Cup experience is worth protecting.