
Securing the 2026 World Cup

Written by Bola Ogbara | Jun 12, 2026 1:11:46 PM

The planet's most-watched sports event has been eagerly anticipated by soccer fans and by cybercriminals, who are launching complex, extensive fraud campaigns.

The most-watched sports event on the planet, the World Cup, is returning to stadiums and screens this week. From June 11th, 2026, to July 19th, 2026, billions of people are expected to watch the 104 games taking place in Canada, the United States, and Mexico. Alongside the avid soccer fans tuning in, the 2026 World Cup is unfortunately also being eagerly awaited by cyber criminals. Malicious cyber activity around large sports events is becoming increasingly common. The 2024 Paris Olympics were targeted by Russian threat actors through several disinformation efforts, while the Italian organizers of the 2026 Milano Cortina Winter Olympics appointed a fifth of their National Cybersecurity Agency to support tech teams during the games. For this year’s World Cup, the primary concern is cyber fraud.

 

On May 27th, 2026, the Federal Bureau of Investigation (FBI) published a public service announcement regarding spoofing related to the upcoming games. In the advisory, the FBI defined a spoofed website as one that “is designed to pose as a legitimate website, with branding, product listings, etc., and malicious actors use them to further illegal activity like personal information theft and facilitating monetary scams.” Now, cybercriminals are taking advantage of billions of fans by creating fraudulent versions of the FIFA (Fédération Internationale de Football Association) website that hosts game details. Unsuspecting visitors may be tricked into giving away personal information or purchasing fake hospitality products or even fake tickets.

 

According to the FBI’s PSA, these threat actors use typosquatting to spoof fifa.com convincingly, registering domains that contain common typos or that sit under a different top-level domain (like .help or .org or .services instead of .com). The PSA lists 36 domains that have already been used by bad actors, from fifa[.]help, to fifaworldcup26[.]sale, and fifastore.us[.]com. At first glance, website addresses like these may not appear suspicious, which is why the FBI recommends that people searching for sites related to the World Cup exercise caution while surfing. The FBI suggests typing fifa.com directly into one's browser, avoiding ‘sponsored’ results on search engines, bookmarking official sites, and only navigating to subdomains through the official website. If you have reason to be suspicious of a site (maybe due to poor-quality graphics or being referred from an ad), do not share any private information.
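The hostname check implied by that advice can be sketched in a few lines. This is an added example, not code from the FBI PSA or from this post; the function names and category labels are hypothetical, and `fiffa.com`, `fifa.com.tickets.example` and `example.org` are constructed samples alongside the three defanged domains quoted above.

```python
import re

OFFICIAL = "fifa.com"  # the official domain named in the FBI PSA
BRAND = "fifa"

def refang(value):
    """Normalise a defanged indicator or URL to a bare lowercase hostname."""
    value = value.strip().lower().replace("[.]", ".")
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)  # drop any scheme
    return re.split(r"[/:?#]", value, maxsplit=1)[0].rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(indicator):
    """Label a hostname relative to the official domain (labels are hypothetical)."""
    host = refang(indicator)
    # Only fifa.com itself and names ending in ".fifa.com" are official; a
    # substring or prefix match would wrongly accept fifa.com.tickets.example.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    labels = host.split(".")
    if BRAND in labels:
        return "brand-on-other-domain"   # e.g. a different top-level domain
    if any(BRAND in label for label in labels):
        return "brand-embedded"          # brand padded with extra words
    # One edit away from a four-letter brand also matches unrelated names,
    # so treat this bucket as a triage hint, not a verdict.
    if any(edit_distance(label, BRAND) == 1 for label in labels):
        return "possible-typo"
    return "unrelated"

# First three entries are quoted (defanged) in the post; the rest are constructed.
SAMPLES = ["fifa[.]help", "fifaworldcup26[.]sale", "fifastore.us[.]com",
           "fiffa.com", "fifa.com.tickets.example",
           "https://www.fifa.com/en/tickets", "example.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:35} {classify(sample)}")
```
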

 

The Organized Crime and Corruption Reporting Project (OCCRP) also reported on the “massive, highly sophisticated surge in digital fraud targeting soccer fans worldwide, offering them fake tickets, nonexistent travel packages, counterfeit merchandise, suspicious betting apps on websites impersonating FIFA”. David Gonzalez Cuantle, a security researcher at the Latin American branch of cybersecurity firm ESET, commented on how the cybercriminals were expanding their schemes to take advantage of fans: “Now we are seeing that different languages are also starting to gain ground on these websites, which suggests that it could be done regionally…Sometimes they [the scammers] use pseudonyms or disposable email addresses, so they can generate a temporary email and use that to register the website. That email is difficult to trace.”

 

More organizations are issuing warnings about the rampant fraud. Cybersecurity company Group-IB found “more than 4,300 fraudulent domains impersonating FIFA’s official web presence registered since August 2025, six distinct fraud schemes running in parallel, four independent threat actors, and over 2,500 FIFA account credential pairs already circulating in dark-web markets.” A central offender in their investigation was GHOST STADIUM, an elaborate Chinese-speaking phishing campaign that almost perfectly replicated the official FIFA site, from the single sign-on authentication to support for 11 languages.

 

GHOST STADIUM stretched over 300 domains, and is responsible for an estimated $71 million to $474 million in losses just from fake ticket sales. These sales came from only 25% of the domains, meaning the true number of total losses could be in the billions. For GHOST STADIUM, phishing attacks were largely supported by social media advertising, particularly through Facebook Ads. The targeted ads offered tickets to the games as low as $60. Telegram and WhatsApp channels also corralled victims into purchasing tickets through direct messaging.

 

Beyond fraud, the global stage of the games also makes the 2026 World Cup an attractive target for state-backed hackers amid current geopolitical tensions. The US-Israel war on Iran has resulted in a volley of cyber-enabled attacks, which may be exacerbated by the millions of people interacting with the World Cup. According to Cybersecurity Dive, Palo Alto's senior manager of threat intel, Justin Moore, noted that the “most serious risk may come in the form of cyberattacks from state-aligned actors”, such as distributed denial-of-service (DDoS) attacks.

 

In preparation for the tournament, the Cybersecurity and Infrastructure Security Agency (CISA) reports “working with partners in the government at all levels and private sector, as well as with states and host cities to strengthen preparedness, sharpen communication, and make sure communities are ready.” CISA has been organizing vulnerability assessments at stadiums and base camps ahead of the games to guarantee preparedness, and is sharing vital resources to prevent physical attacks with venues to protect fans and players watching the 22nd World Cup.

The FBI recommends that victims of fraudulent sites report the scam to ic3.gov, which will help the Bureau take down the sites while also tracking each incident shared with the Internet Crime Complaint Center. The report published last year documented 859,500 complaints, with 83% of the complaints stemming from cyber-enabled fraud. Hopefully, the FBI’s PSA, along with CISA’s initiatives, will help curtail any increase in cybercrime related to the World Cup.