Cybersecurity researchers from PreCrime Labs (BforeAI) uncovered a large-scale, premeditated cyber campaign targeting the 2025 FIFA Club World Cup and 2026 FIFA World Cup, involving 498 malicious domains registered to exploit fan excitement. Threat actors employed long-term domain aging (some registered as early as 2023 for 2030/2034 tournaments), typosquatting (e.g., fifaworldcupstadiucom), and multilingual phishing (Mandarin sites for crypto scams and fake streaming). The attack vectors included: - 56 counterfeit merchandise stores defrauding fans. - 55 fake streaming platforms stealing credentials/payments under the guise of free match access. - 32 unregulated betting sites siphoning funds. - Fraudulent FIFA Coin ICOs, falsely claiming $18M staked to lure investments. - Credential phishing via domains like fifaworldcup-login[.]com, harvesting user data. - Geotargeted scams (e.g., fifawcdallas[.]com) exploiting U.S. host cities. - Influence operations disguised as social activism to manipulate fans into financial fraud. The campaign leveraged disposable infrastructure (cheap TLDs like .xyz, .shop) and registrars like GoDaddy/Namecheap to evade detection. While no direct data breach of FIFA’s systems was confirmed, the operation eroded trust in official channels, risked financial losses for fans (via scams, fake merchandise, and betting fraud), and damaged FIFA’s reputation ahead of major tournaments. The sophisticated social engineering and global scale* suggest potential for escalation into larger financial or reputational harm if unchecked.