FIFA World Cup: GSE enables partners to detect fraud before it reaches consumers

Major sporting events have always attracted fraud, but the 2026 FIFA World Cup represents a different order of magnitude. In May 2026, the FBI published a list of domain names likely to be used in spoofing attacks against FIFA infrastructure ahead of the tournament. Taking that as a starting point, we searched the Global Signal Exchange (GSE) using seven keyword patterns covering variations of FIFA, World Cup, and common typosquats designed to slip past standard filters. What came back was striking: a steady build in suspicious signals from September 2025, when ticket sales opened, then a sharp spike in the weeks before the tournament began. This was not noise. It was coordinated infrastructure being assembled well in advance, and the GSE made it visible when it mattered.

We also searched exactly for the fake domains listed in the FBI report, finding that fifa.city, ww-fifa.com, fifa-com.com, fifa.bio, jobs-fifa.com, fifa2026fworldcup.com, fifa-com.services, fifa-online.com, fifa-2026.xyz, fifa.blue, fifa.pink, fifa.pub all appear in the GSE.
That finding sits alongside a case study from Meta and Visa that shows exactly what happens when that kind of intelligence gets acted on. Before the tournament started, Visa's Scam Disruption Practice identified unusual payment and domain activity and shared those signals with Meta through the GSE. Meta was then able to map and take down a network of fake Facebook pages promoting fraudulent World Cup sites before they reached fans at scale. The GSE provided the connection between two organisations, enabling them to share what they knew and take appropriate action. For fraud professionals, the point is not that this collaboration went well. It is that the infrastructure to make it happen now exists, enabling real-time, multidirectional signal sharing across geographic borders and sectors, to combat the transnational threat of industrialised fraud.


