World Cup-themed scams are now part of a broader fake-shop wave spoofing Samsung, Nike, Adidas and other global brands across Europe, according to new research from Bitdefender Labs.
A Bitdefender Labs report published Tuesday identified more than 55 fake-shop campaigns operating between March and May 2026 across 12 European countries. The campaigns impersonated brands including Samsung, Nike, Adidas, ZARA, H&M, Amazon, Lidl and SHEIN.
The fraud was not limited to one channel. Bitdefender said attackers used Facebook ads, WhatsApp messages, email, SMS, phone calls and fake e-commerce sites to lure victims into making payments, sharing personal information or buying counterfeit goods.
The World Cup angle gives the operation a timely hook. Bitdefender found fake Adidas Deutschland 2026 Fan Kit messages, counterfeit football merchandise campaigns and domains tied to World Cup-themed gear, including footballiscrazy[.]com, unitedfutballjersey[.]com and kicksfireshoes.com[.]co.
That makes the campaign part of a larger tournament-driven fraud environment. Security Point Break previously covered the FBI’s warning that scammers were spoofing FIFA sites ahead of the 2026 World Cup. The FBI’s public service announcement warned that spoofed FIFA domains were being used to steal personal information, sell fake tickets and hospitality products, and support other scams.
The new Bitdefender findings show the same pressure points at work in retail fraud: brand recognition, paid ads, steep discounts, fake urgency and fast-moving domains.
One campaign promoted Samsung Galaxy S26 Ultra devices to German consumers for $283 while advertising discounts of up to 90 percent. Bitdefender said the operation used Facebook ads and domains including shopintertec[.]com, shop.zppzddw[.]shop and shop.fjjfxxz[.]shop. Researchers said the campaign generated substantial engagement, including hundreds of thousands of ad views.
Other campaigns reused infrastructure across brands. Bitdefender linked ZARA and Nike impersonation efforts to the same Polish hub, notcia[.]shop, and the same advertising identity. The Nike-themed pages asked shoppers for detailed delivery information, including home addresses, house numbers and postal codes.
WhatsApp also played a role. Researchers identified a China-based operator calling himself “Carl” who promoted “1:1 quality” counterfeit Nike, Adidas, Jordan, Golden Goose, watches, bags and other goods to European users through WhatsApp and password-protected Yupoo catalogs.
The tactics echo a broader scam pattern: fraud now behaves like a sales funnel, with malicious ads generating leads, messaging apps adding trust, and follow-up channels closing the transaction.
The World Cup has become a natural accelerator. Intel 471 said the 2026 tournament creates one of the largest cyberattack surfaces in sports, spanning ticketing portals, transportation networks, streaming platforms, stadium systems and sponsor networks. The company said it identified roughly 19,000 FIFA-themed domains created since January 2026.
FortiGuard Labs separately reported more than 13,000 World Cup-themed domains registered between January and May, with about 8.8 percent classified as malicious or suspicious. Fortinet also said it found more than 1,700 suspected FIFA-related impersonation accounts and channels, most of them on Facebook and Instagram.
For consumers, the warning is straightforward: type known retailer and FIFA domains directly into the browser, avoid sponsored links for tickets or merchandise, and treat steep discounts, countdown timers and WhatsApp follow-ups as red flags.
For brands and platform security teams, the takeaway is bigger. These are not one-off fake shops. They are brand-abuse operations with advertising budgets, localized storefronts, reusable domains, social media delivery and enough infrastructure to pivot from Samsung phones to Nike shoes to World Cup jerseys as soon as demand shifts.
