New Delhi, June 14 -- Football fans searching for FIFA World Cup 2026 tickets are being targeted by a sophisticated cybercrime operation that uses fake FIFA ticketing websites capable of stealing payment card details and intercepting one-time passwords (OTPs), according to cybersecurity firm CloudSEK.

Researchers uncovered at least 40 fraudulent FIFA-themed websites linked to a Chinese-origin threat network. Unlike conventional phishing campaigns, the operation reportedly functions as a real-time man-in-the-middle framework, allowing attackers to monitor victims during checkout, capture card information, and potentially bypass SMS-based two-factor authentication by relaying OTPs in real time.

CloudSEK said the scam infrastructure includ...