The 2026 FIFA World Cup has only just begun, but according to experts, cybercriminals have been preparing for months. The latest analysis from FortiGuard Labs shows that an extensive fraud ecosystem has been created around the tournament, targeting both fans and organisations associated with the event.
Between January and May 2026, more than 13,000 web domains referring to the World Cup were registered. Around 8.8 per cent of these were classified as suspicious or malicious. Many such sites use names related to tickets, match broadcasts, sports betting or travel offers in an attempt to impersonate official FIFA websites.
Social engineering remains the most commonly used method. Fraudsters rely on emotions and a sense of urgency. Fake ticket offers, limited promotions or access to exclusive broadcasts are designed to get users to act quickly without verifying the source. Social media is a particularly active channel. Fortinet has identified more than 1,700 accounts impersonating FIFA or fan communities, most of which operate on Facebook and Instagram.
Cybercriminals are also increasingly using fake online shops. They offer jerseys, gadgets and collectible memorabilia that, once paid for, never reach the buyers. In parallel, fake streaming platforms and mobile apps are on the rise. Under the guise of free access to matches, users install malware capable of stealing passwords, bank details or taking control of a device.
Tournament job seekers have also been targeted. Analysts detected campaigns using fictitious job offers that lead to phishing sites for login credentials.
The scale of the problem is significant. In the data acquired by the infostealer malware, experts found more than 270,000 sets of credentials linked to users visiting FIFA-related sites. This does not mean that all accounts are being actively exploited, but such information could be used for further phishing campaigns and account takeover attempts.
The conclusions are simple. As the popularity of global sporting events grows, so does the scale of digital threats. For fans, the primary line of defence remains to use only official sales, broadcast and recruitment channels and to be wary of offers that appear too attractive to be genuine.
