The World Cup Scam That Catches People Who Skip the Ads

It's 10:30 on a Tuesday night. You didn't get a ticket. You've accepted it. But the US plays in the group stage on June 12 and you want to watch from your couch. You open a new tab and start typing — not clicking a link, not responding to an ad, just going directly to what you assume is a FIFA streaming page. You transpose two letters in the URL. The site loads instantly. FIFA branding, the tournament schedule, a subscription offer for $17.99/month. Looks right.

You're about to give your card number to a scam site.

On May 27, 2026 — five days ago — the FBI issued a formal public service announcement warning about exactly this. Not the fake ads. Not the fake ticket resellers in your group chat. The sites that catch you when you're already trying to be careful.

What the FBI actually warned about

The FBI's Internet Crime Complaint Center published PSA260527{:target="_blank"} five days before the World Cup's opening match. In it, they identified at least 35 fraudulent domains actively spoofing FIFA's official web presence. Cybersecurity researchers at Group-IB, whose findings were widely reported in the days that followed, tracked more than 4,300 fraudulent domains impersonating FIFA since August 2025. These aren't all active simultaneously — but enough of them are.

The FBI specifically named the technique: typosquatting. Scammers register domains that look almost exactly like legitimate ones, counting on users making small typos when typing URLs. One transposed letter, one extra character, a plausible-sounding extension instead of ".com" — and you land on a site designed to look like you arrived exactly where you meant to.

The sites aren't obvious fakes. They have correct FIFA branding, real match schedules, functional checkout pages. They're designed by people who know that the target demographic has already learned to skip sketchy ads. The fake is built for the person who types the URL themselves.

It's not just tickets — fake streaming subscriptions are the new angle

The World Cup ticket scam has been running since last fall, and a lot of people are now aware of it. What the FBI warning added to that picture is the streaming angle, and it's worth understanding separately.

If you couldn't get a ticket — and most people couldn't — you're going to look for a way to watch online. Scammers built for this audience specifically. Among the fraudulent campaigns researchers identified ahead of the tournament are fake streaming subscription services: sites that offer to sell you access to all 104 matches for a monthly fee, styled to look like a legitimate broadcaster or an "official FIFA streaming partner."

There's no stream. Or there's a stream for three minutes before your browser gets redirected to a page asking you to update a browser plugin that is, in fact, malware. Either way, you've handed over your card number and, in many cases, created an account with an email and password that the site's operators now have.

Two things make this category particularly effective. First, there genuinely are multiple real streaming options for this tournament — Fox Sports, Peacock, Telemundo — which means a "streaming subscription" doesn't immediately sound wrong. Second, the scam site shows up before you've confirmed where you're actually supposed to go, which means the fake looks like the answer to your search.

Why this catches people who already know better

Here's the part that matters. Most people reading this have been through enough scam awareness to be suspicious of unsolicited ads. You know not to click a Facebook ad for discount tickets. You know to be skeptical of DMs from people you don't know offering "deals." You've been told to type URLs directly rather than clicking links.

Typosquatting is designed for you specifically.

The attack works because you're doing the right thing. You're not clicking an ad. You're not responding to a cold message. You're navigating directly, which is what every security guide tells you to do. And a one-character mistake — "fifas.com" instead of "fifa.com," or "fifia2026.com" instead of "fifa.com/tickets" — puts you on a site that your careful behavior wasn't designed to catch.

The streaming variant adds another layer. You're not panicked about missing a flight or scrambling for sold-out tickets at 11pm. You're calmly doing research a week before the game. Calm research feels safe. It isn't.

The red flags that still hold up

The "check for typos in the copy" heuristic doesn't apply here — these sites are professionally built. Here's what does matter:

The only official FIFA ticket platform is accessible from fifa.com. If a URL isn't exactly fifa.com — and the path after it belongs to the FIFA ecosystem — it's not an official FIFA property, regardless of how it looks.

The official US streaming options are Fox Sports and Peacock. Fox Sports (Fox One and the Fox Sports app) carries all 104 matches in English. Peacock carries all 104 matches in Spanish, via NBCUniversal's Telemundo partnership. Telemundo also broadcasts 92 matches free over the air. That's the complete list of licensed US broadcasters. Any site claiming to be an "official FIFA streaming partner" that isn't one of those doesn't have the rights to stream anything, legally.

Check the domain registration date before you type a card number. Go to lookup.icann.org{:target="_blank"} and run the domain. FIFA.com is decades old. A "FIFA streaming platform" domain registered in 2025 or 2026 is not affiliated with FIFA.

The subscription appeared before you could see any content. Legitimate streaming services let you browse what you're buying before asking for payment. A site that goes straight to a billing page before showing you a preview, a channel list, or any other content is a warning sign.

Payment is being routed outside a credit card. A scam streaming site might accept crypto, Zelle, or Venmo "for a discount." Legitimate broadcasters run credit cards. Credit cards give you chargeback rights. Scammers don't want you to have those.

The deal is significantly better than what authorized options cost. Fox Sports already carries World Cup coverage free if you have cable. Peacock Premium is around $7.99/month. An offer that presents itself as dramatically cheaper than the legit option is competing on price against a product it doesn't actually have.

If this already happened to you

Don't send more money. The "World Cup ticket recovery service" that contacts you a few days later is a second scam targeting people who already got hit. This pattern is well-documented — see our piece on recovery scams if you've been approached.

If you paid by credit card, call your issuer immediately and dispute the charge. You have the best chance here. Start the process today — the window matters.

If you created an account using an email address and password you use elsewhere, change that password on every other account that uses it right now. Fake streaming sites often exist specifically to harvest credentials they'll reuse or sell. Don't wait.

If you downloaded an app or browser extension from the site, treat your device as potentially compromised. Change passwords you've entered on that device recently, run a scan with a real security tool, and monitor your accounts.

File a report with the FBI at IC3.gov{:target="_blank"} and the FTC at ReportFraud.ftc.gov{:target="_blank"}. The FBI is actively tracking the fake FIFA domain campaign — your report contributes to enforcement.

If you're not sure whether a site you visited is legit, check it at Cautellus before taking further action.

Where the real streams are — bookmark these right now

This is the practical part. Before June 11:

• Fox Sports (English): fox.com/soccer or the Fox Sports app, with your cable login. Selected matches on Fox network TV free with an antenna.
• Peacock (Spanish, all 104 matches): peacocktv.com, Peacock Premium subscription required.
• Telemundo (Spanish, 92 matches free): Over-the-air television, no subscription needed.

Bookmark those URLs directly right now — before you're scrambling for a stream at 11am on a Wednesday and you end up typing something slightly wrong under time pressure.

Frequently asked questions

What is typosquatting? Typosquatting is when scammers register domains that look almost identical to legitimate ones — differing by one character, a different extension, or a plausible-sounding variation — to catch users who make small mistakes when typing URLs. The FBI's May 27 PSA identified at least 35 FIFA domains using this technique. It's specifically effective against people who are trying to be careful and navigate directly rather than clicking ads.

How do I know if a World Cup streaming site is actually licensed? In the US, Fox Sports and Peacock are the only entities with licensed rights to stream all 104 matches of the 2026 World Cup. Telemundo broadcasts 92 matches on free over-the-air television. Any other site claiming to offer a full World Cup streaming subscription does not have the broadcasting rights to do so, regardless of what its homepage says.

I paid a fake streaming site with my credit card. What now? Call your card issuer immediately and dispute the charge as fraud. This is your best path to recovery. If you created an account with a reused password, change that password on every account using it. File a report at IC3.gov and ReportFraud.ftc.gov. If you downloaded anything from the site, treat the device as potentially compromised.

Is there a free legal way to watch the World Cup in the US? Yes. Fox will broadcast matches on its broadcast network TV channel, which is free with a standard antenna. Telemundo will carry 92 matches over the air, also free. You don't need a paid streaming subscription to watch most of the tournament legally.

How do I report a fake FIFA website? File a report with the FBI at IC3.gov{:target="_blank"} — they are actively tracking the fake FIFA domain campaign and your report contributes directly to enforcement. You can also report it to the FTC at ReportFraud.ftc.gov{:target="_blank"} and flag it to FIFA directly through their official contact channels at fifa.com.

This is different from the ticket scam I already heard about — how? The World Cup ticket scam is primarily about fake resale sites that find you through ads, social media, and group chats. The FBI's May 27 warning covers something different: sites that catch you when you navigate there yourself through a URL typo, plus a separate category of fake streaming subscription services targeting fans who couldn't get tickets. Different attack, different protective response.

---

Scammers built 4,300 websites for the moments when you're moving fast. Bookmark where you're going before you need it.

Sources: FBI IC3 PSA260527, May 27, 2026{:target="_blank"}; Group-IB research on fraudulent FIFA domains as reported by TechRadar and multiple outlets; Fox Sports 2026 FIFA World Cup{:target="_blank"}; Goal.com on official US streaming rights.