Starting June 11, the FIFA World Cup 2026 will draw massive global attention, but it has also become a prime target for cybercriminals who have already built extensive malicious infrastructure to exploit fan excitement and high digital activity. New research from FortiGuard Labs shows between January and May 2026, over 13,000 World Cup-themed domains were registered, with nearly 9 percent identified as malicious or suspicious, and registrations rose sharply from March to May. These sites often misuse official branding and focus on ticketing, streaming, betting, travel, and merchandise—areas where demand and urgency are highest.
Scams take many forms, including fake ticket platforms, counterfeit stores, fraudulent betting and streaming apps, social media impersonation, fake job offers, and cryptocurrency schemes. Ticketing scams are especially risky, as attackers capitalize on limited availability and resale demand to steal personal and payment details, sometimes bundling fake tickets with bogus travel packages. More than 1,700 impersonation accounts were found, mostly on Facebook and Instagram, used to spread scams and misinformation within legitimate fan conversations. Malicious software is also a concern, with trojanized apps and APK files carrying ransomware or spyware, while fake recruitment posts harvest login data through convincing phishing pages.
Data exposure adds another layer of risk: researchers found thousands of related URLs in malware logs, plus hundreds of thousands of stolen credentials from fans, employees, and partner accounts, some from past breaches. Even outdated information can enable account takeovers and targeted fraud during the tournament.
Organizations across sports, travel, finance, media, and public sectors are advised to strengthen monitoring for lookalike domains, brand misuse, and credential leaks, while updating defenses against phishing and malware. Fans and workers are urged to use only official channels, avoid unofficial downloads, verify all offers carefully, and reject urgent or unusual payment requests. Cybercriminals move fast to exploit major events, so preparation and caution are essential well before the opening match.
