Kick off! Cyber criminals are exploiting FIFA World Cup 2026 fever

“Major international sporting events create great anticipation, attract high search volume, evoke strong emotions, and drive large volumes of digital transactions,” FortiGuard Labs said in a statement.

“Fans are searching for tickets, travel offers, merchandise, live streams, betting sites, job openings, and event updates. Meanwhile, organisations are busy with logistics, staffing, travel arrangements, customer service, media tasks, and coordinating with third parties. Threat actors have anticipated these scenarios and have already started exploiting them.”

Domains taking advantage of FIFA branding surged between March and May in particular. FortiGuard Labs identified a raft of threats, including:

• Phishing and fake ticketing websites
• Resale ticket scams
• Fake merchandise storefronts
• Malicious betting and streaming applications
• Third-party Android Package Kit (APK) downloads
• Social media impersonation
• Fake job postings
• Cryptocurrency scams
• Credential exposure tied to stealer malware and historical breach data.

Fake ticketing scams were the most common threats found online, while the company identified more than 1,700 suspected FIFA-related impersonation accounts, mostly on Facebook and Instagram.

“These accounts can be exploited for fake promotions, ticket scams, fraudulent livestream links, phishing, misinformation, and malware distribution,” FortiGuard Labs said.

“Additionally, they offer attackers an inexpensive method to contact fans directly, as fans frequently discuss teams, matches, travel plans, and ticket availability.”

VIEW ALL

The company also found 4,600 URLs related to FIFA in logs from infostealers, and more than 1,500 FIFA-related employee records in past breaches.

You can read the full FIFA World Cup 2026: Cyberthreat Landscape Report here.