New Delhi, June 12 (SocialNews.XYZ) At least 40 fake FIFA World Cup 2026 ticketing websites linked to a fraud network involving 15 active cybercriminal operators have been identified, according to a report released on Friday.
The report by cybersecurity firm CloudSEK said the operation goes beyond traditional phishing scams and uses cloned FIFA ticketing platforms, real-time card skimming and potential OTP interception capabilities to steal payment information from unsuspecting users.
The fraudulent websites closely mimic legitimate FIFA ticketing portals, featuring official-looking branding, match schedules, stadium information, shopping carts, payment gateways and secure checkout messages designed to gain users' trust, it said.
The campaign functions as a real-time man-in-the-middle phishing framework capable of tracking a victim's checkout process, capturing card details including card numbers, expiry dates and CVV information, and potentially relaying one-time passwords (OTPs) to bypass SMS-based authentication.
In addition, the investigation identified a broader fraud ecosystem that includes a rogue payment processing network and a multi-tenant infrastructure supporting multiple operators.
The backend infrastructure is hosted through a Chinese-language administrative panel and supports at least 15 separate operator instances, suggesting a scalable cybercrime operation rather than isolated phishing websites.
“This campaign shows how major global events are being weaponised by organised cybercriminal groups. The threat is no longer limited to fake ticket listings or basic phishing pages. We are now seeing full checkout impersonation, live victim tracking, card skimming and OTP interception capabilities being combined into one operational platform,” said Gagan Aggarwal, Threat Intelligence Researcher at CloudSEK TRIAD.
Moreover, the report identified several indicators pointing to Chinese-origin threat actors, including a backend interface rendered in Simplified Chinese, repeated administrative access from China-based IP addresses and internal platform naming conventions.
CloudSEK further noted that social media platforms are playing a significant role in driving traffic to the scam websites, with Facebook accounting for around 60-65 per cent of observed user sessions and Instagram contributing approximately 15 per cent.
The victim footprint spans multiple countries, with primary targeting observed in the United States and additional activity detected across Italy, Romania, Australia, Canada, Germany, South Korea, Saudi Arabia, South Africa and several other markets.
Source: IANS
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at gopi@socialnews.xyz
This website uses cookies.
