The FBI is warning World Cup fans to only visit the official FIFA website. Scammers have been flooding the internet with fake FIFA websites in anticipation of the massive international tournament, hoping to perpetrate fraud on fans.
“A spoofed website is designed to pose as a legitimate website, with branding, product listings, etc., and malicious actors use them to further illegal activity like personal information theft and facilitating monetary scams,” the FBI wrote in a public service announcement.
“Threat actors often create spoofed websites by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information (PII) entered by a user into the site, including name, home address, phone number, email address, and banking information.”
The FBI warns that, to mimic a genuine website, spoofed website domains may use different top-level domains or different word spellings. While attempting to access FIFA’s and the World Cup’s website, members of the public could unintentionally visit spoof websites.
“Threat actors create a deceptive version of a legitimate website (www.fifa.com) with the goal of tricking users into believing they’re interacting with an official brand,” the FBI continued.
They will often attempt these things by creating websites that mimic the legitimate URL by using a minor misspelling or alternative top-level domains, such as .org rather than .com. They may also register illegitimate websites such as jobs-fifa[.]com to impersonate legitimate subdomains.
Below are some examples of scam domains that the FBI has already identified.
FBI recommendations to avoid scam FIFA World Cup websites
To help avoid these scam FIFA websites, the FBI recommends that users type “fifa.com” directly into the address bar, avoid any “sponsored” results in search engines, and use bookmarks or favorites to navigate back to legitimate, safe FIFA websites that you have already visited.
Also, avoid any links that may include suspicious artifacts or graphics, such as unprofessional or low-quality graphics, as well as any ads that do not appear to be authentic.
They also recommend visiting subdomains such as plus.fifa.com only from the official FIFA homepage and never sharing sensitive information if you are unsure of the website’s legitimacy.