LIVE · cybersecurity feed
scamsmedium

Football Fever Fuels Scam Campaigns Across Email and Social Media

zeroday.news·42d ago
ShareXLinkedInWhatsAppFacebook

Football fans are increasingly becoming targets of sophisticated scam operations that leverage the excitement surrounding major tournaments and club loyalties, according to recent findings from Bitdefender Labs. Investigations have uncovered over 55 distinct scam campaigns exploiting various aspects of football fandom, including merchandise, streaming services, collectibles, and giveaways. These fraudulent activities are primarily disseminated through social media advertisements and email.

The FIFA World Cup 2026 has emerged as a significant lure for cybercriminals, but scammers are also preying on supporters of specific national teams and club teams, as well as those interested in football collectibles and streaming content. Meta-owned platforms, including Facebook and Instagram, have been heavily utilized for malvertising campaigns promoting fake football merchandise and phishing pages. Users in countries such as the UK, Portugal, Spain, Algeria, the United States, Canada, Mexico, Belgium, Germany, Brazil, and Australia have been identified as primary targets.

Researchers observed a trend of aggressive malvertising on social media, with scam ads designed to blend seamlessly into users' feeds. These advertisements often feature realistic product images, football-related imagery, countdown timers, and urgency tactics like "limited stock" or "selling out fast." The ads typically redirect users to fake online stores or phishing pages intended to harvest payment details and personal information. Several suspicious domains, including faithoutfit[.]uk and defwear[.]uk, were repeatedly flagged during the investigation.

Specific club and national team supporters have been targeted. Campaigns have promoted fake merchandise and Panini sticker offers for England, Scotland, the Tartan Army, and Hearts FC. Early in 2026, researchers also noted football-themed scam ads promoting supposed FIFA World Cup 2026 Panini sticker albums and collectibles. These fraudulent promotions sometimes exhibited branding inconsistencies and typos, such as using "WordCup" instead of "World Cup," while attempting to mimic official football and Panini branding.

The investigation also revealed coordinated IPTV piracy operations and fake football applications targeting fans, particularly in regions like Portugal and Algeria. Some of these operations were linked to organized overseas entities employing structured advertising infrastructures. Evidence, such as Simplified Chinese UTM campaign parameters embedded within advertising tracking, has directly attributed certain counterfeit football merchandise campaigns to Chinese operators. These findings suggest a level of organization involving campaign testing and multi-storefront management.

One notable scam operation focused on parents purchasing children's football kits. This campaign, associated with the website malskitukpatch.com and operating under the name "PrimeFinds UK," advertised children's kits with false claims of fast dispatch from the UK and free shipping. Researchers found no evidence to support these claims, suggesting products were likely shipped from overseas, leading to potential delays, poor quality, and difficulties with returns. The operator also promoted unrelated products, a common tactic in low-trust dropshipping operations.

Bitdefender's Antispam Lab also identified multiple email scam campaigns impersonating FIFA World Cup 2026 organizations. These emails falsely claimed recipients had won significant cash prizes through lotteries or promotional draws, instructing them to contact fake "claims agents." The scams mimicked official entities like the FIFA Legal and Compliance Division and included elements such as reference numbers and legal terminology to appear legitimate. Some variations requested sensitive personal information, including passport details, raising concerns about identity theft.

These FIFA-themed lottery and giveaway scams are described as following the structure of classic advance-fee fraud but are made more convincing by leveraging the widespread anticipation of official promotions and tournament-related offers. The researchers noted that these email scams were observed operating in conjunction with other football-related fraud schemes, including fake merchandise stores, ticket scams, and social media malvertising.

scamsphishingmalvertisingsocial mediafootball
ShareXLinkedInWhatsAppFacebook
← Back to latest

More News

view all →
zeroday.news · 1h ago·high

Accenture Confirms Security Incident After Hacker Claims 35GB Source-Code Theft

Accenture has acknowledged a security incident after a threat actor advertised what they claim is stolen internal data. The attacker, using the alias "888", says they took more than 35GB of source code and cloud credentials from the consulting giant and are offering it for sale. Accenture says it has addressed the source of the issue and that its operations were not disrupted.

zeroday.news · 5h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 5h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 5h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 6h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 6h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.