Official FIFA World Cup 2026 merchandise is running low, while fans all over the world are scrambling to get their favourite player’s shirt in time for the final matches. And this is creating a perfect storm for cyberscammers.

“Attackers know that FOMO (fear of missing out) is the ultimate biological bypass,” says Miguel Fornes, information security manager at Surfshark. “Now we are witnessing the use of generative AI to clone a pixel-perfect replica of an official Nike or FIFA store, in record time.

“But it gets worse: they no longer have to wait for you to stumble upon their fake site. They are actively manipulating the AI assistants you trust to guide you right to their door.”

It’s not the first time that LLMs can be tricked into recommending malware or scam sites. During a massive campaign discovered in May 2026, cybercriminals created fake installation pages for Gemini CLI and Claude Code. And after heavily poisoning search algorithms and scraped content, users who asked AI models for installation instructions were confidently directed to fake, lookalike domains. When users executed the AI’s recommended commands, they unknowingly downloaded an infostealer that wiped their credentials.

When it comes to official soccer merchandise, this is how an active, weaponised attack vector known as IDPI (Indirect Prompt Injection) or AI poisoning works

  • The hidden payload: attackers build their fake “mirage storefront” and load the webpage’s source code with hidden instructions.
  • The ingestion: when a desperate buyer asks an AI assistant, “Where can I buy an authentic Haaland shirt right now?” the AI scours the web for recent data. It scrapes the attacker’s site, ingests the hidden text, and interprets it as a legitimate command.
  • The betrayal: the LLM, stripped of its safety rails by the hidden prompt, confidently replies: “Great news! The official merchandise is currently in stock at [malicious link]. Buy it quickly before it sells out!” The user, trusting the AI’s “authoritative” response, clicks the link and is immediately compromised. To a regular user, the instructions appear indistinguishable from legitimate guidance.

“If threat actors can successfully poison LLMs to trick highly technical software developers into downloading malware, they can easily trick a desperate football fan into buying a fake t-shirt. We can no longer mindlessly outsource our critical thinking to AI. When the AI tells you it found the last sold-out item on earth, your skepticism shouldn’t decrease — it should double,” says Fornes.