Graphika
Jun 12, 2026

Emerging Playbooks: How Scammers Leverage Vibe Coding for Fraudulent Ticket Sites

The Graphika Team

After years of anticipation, the 2026 FIFA World Cup has kicked off. The massive attention on the event, along with high ticket demand, creates a perfect environment for opportunistic scammers looking to lure fans seeking last-minute deals. Ticket scams themselves are nothing new. What’s new is the sophistication of the storefronts, made possible by AI vibe coding software.

Scam website featuring the title "FIFA World Cup 2026 Tickets" with a polished design and the World Cup trophy faded in the background
Website claiming to be "Authorized FIFA ticketing partners"


We recently uncovered scam websites offering World Cup packages. We observed two websites, worldcup2026ticket[.]shop and ticketworldcup2026[.]com, that claimed to be "Authorized FIFA ticketing partners." Months before the final teams were decided, scam actors started registering domains with names like these or typosquatted variations, a common tactic during big events. What’s new is that AI tools like Lovable.dev make it possible for scammers to launch well-designed websites, likely within minutes.

What We Found

Key Findings

  1. Opportunistic Infrastructure

    High-demand global events create an ideal environment for ticket scammers who exploit consumer urgency and limited ticket availability.

  2. The AI Coding Shift

    Bad actors are moving away from amateurish layouts and instead utilizing generative AI development tools like Lovable.dev to spin up polished, professional-looking sites, likely in minutes.

  3. Pivot to Private Channels

    Rather than advertising suspiciously low prices, these fraud operations encourage targets to inquire about pricing, leading them to encrypted WhatsApp channels where the scam is likely to commence.

  4. Cross-Platform Presence

    Scammers set up social media accounts, such as TikTok profiles with AI-generated World Cup-themed videos, to funnel unsuspecting fans to the scam ticket site.

  5. Network-Level Defense

    Protecting your brand from these fleeting, adaptive threats requires moving beyond localized domain takedowns to map and investigate the broader infrastructure and networks behind them.

The scam site in this example presents a polished, professional-looking front. We are highly confident the site was built with Lovable, as evidenced by the default Lovable.dev favicon in the address bar. Using AI to build the site not only enables sophisticated design but also instantly populates it with pertinent content, including match schedules and ticket options. This example includes a schedule of all the cities and teams. No ticket pricing information is listed on the site.

Scam website claiming to offer World Cup tickets, listing the cities and the venues
Scam website claiming to offer World Cup tickets, showing host cities and schedule information

The Shift to Encrypted Channels and Cross-Platform Lures

What makes this counterfeit World Cup site notable is the absence of the classic "too good to be true" pricing signal; in fact, no prices are listed. For a costly event like the World Cup, this omission could be intentional, to prompt the victim to reach out to the scammer directly. Scam domains are often set up for temporary use, and it is not uncommon for their quality to be lacking or their content incomplete.

Online scammers often shift conversations from public-facing infrastructure to private, encrypted channels. In this case, the "Contact Us" buttons on the detected sites linked to two different WhatsApp numbers utilizing +1 country codes (U.S. and Canada).
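One way to check a candidate site for the signals described above (event keywords in the domain, the "authorized partner" claim, no listed prices, a WhatsApp contact link). This is an added example, not Graphika's tooling; the token list, regexes, signal names and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Signals come from the write-up; token lists and patterns are assumptions.
EVENT_TOKENS = ("worldcup", "fifa", "ticket", "2026")
PARTNER_CLAIM = re.compile(r"authori[sz]ed\s+fifa\s+ticketing\s+partner", re.I)
PRICE = re.compile(r"[$€£]\s?\d|\b\d[\d,.]*\s?(?:usd|eur|gbp)\b", re.I)
WHATSAPP_LINK = re.compile(
    r"^(?:whatsapp:|https?://(?:wa\.me|api\.whatsapp\.com|chat\.whatsapp\.com)(?:[/?#]|$))", re.I)

class _Page(HTMLParser):
    """Collects visible text and link targets, skipping script/style bodies."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def triage(domain, html):
    """Return the playbook signals present for one candidate site."""
    page = _Page()
    page.feed(html)
    text = " ".join(page.text)
    label = domain.lower().replace("-", "")
    checks = {
        "event-keyword-domain": sum(t in label for t in EVENT_TOKENS) >= 2,
        "authorized-partner-claim": bool(PARTNER_CLAIM.search(text)),
        "no-listed-prices": not PRICE.search(text),
        "whatsapp-contact": any(WHATSAPP_LINK.match(h) for h in page.links),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed samples (reserved .example domains, fictional 555 number).
SCAM = ("worldcup-2026-ticket.example", '<title>FIFA World Cup 2026 Tickets</title>'
        '<style>.p{color:#0a0}</style><h1>Authorized FIFA ticketing partners</h1>'
        '<p>Inquire for pricing.</p><a href="https://wa.me/15555550100">Contact Us</a>')
BENIGN = ("stadium-tours.example", '<h1>Stadium tours</h1><p>From $25</p><a href="/book">Book</a>')
```

No single signal is conclusive; a missing price or a WhatsApp link is common on legitimate sites, so the combination is what merits analyst review.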

Cross-Platform Lures

How Scammers Lure Victims to Their Sites

To drive traffic, scam actors rely on cross-platform infrastructure, such as social media profiles set up to direct people to their site. In this case, we identified an active TikTok account that specifically advertises worldcup2026ticket[.]shop in its bio.

Creating Fake Avatars

The account used a stock image profile picture that matched the avatar on the connected WhatsApp account.

Posting AI-generated Videos

The account posts videos of sports imagery and voiceovers about tickets, likely using AI tools, to engage World Cup fans and direct them to the ticket scam website.

Earning Engagement With Over 20K Views

The TikTok account promoting the ticket scam website had low engagement overall, with only 45 followers; however, the account's first video was viewed over 20k times.

TikTok account connected to one of the ticket scam websites, features stock image photo of man for avatar and has posted four soccer-themed videos
TikTok profile linking to ticket scam website

While AI tools dramatically speed up development and lower the skill barrier to building convincing fraud infrastructure, they do not inherently improve the engagement or quality of the auxiliary social media accounts used to promote them.

Based on the underlying infrastructure, including mail servers, hosting providers, and cached registration data pointing to Chinese and Vietnamese user networks, we assess that this activity likely originated with operators in China or Southeast Asia. We have not observed these actors operating within a larger network. With the accessibility and low cost of AI tools for quickly spinning up these operations, it is easier for small operations to produce the online presence needed to lure victims. With the low investment costs, the scheme can be profitable even if only a few people fall for the bait.
