Insider Spotlight
The event, which opens on June 11, is expected to drive a surge in online searches for tickets, travel packages, merchandise, livestreams, betting services, and employment opportunities.
That heightened digital activity is creating new opportunities for threat actors seeking to steal credentials, payment information, and personal data, FortiGuard Labs said in a statement.
Why it matters
Major international sporting events generate high online traffic and emotional engagement, making them attractive targets for cybercriminals.
Organizations across travel, hospitality, media, retail, finance, and event operations also face elevated risks as they manage logistics, staffing, customer service, and third-party relationships.
FortiGuard Labs found that cybercriminal infrastructure tied to the FIFA World Cup 2026 is already active.
More than 13,000 tournament-themed domains were registered between January and May 2026, with roughly 8.8 percent identified as malicious or suspicious through scam activity and pattern analysis, according to a company release.
The big picture
Researchers observed a sharp rise in FIFA-themed domain registrations from March to May, with many sites misusing FIFA branding and incorporating terms linked to ticketing, streaming services, betting platforms, and hospitality offerings.
The report identified a broad range of threats, including phishing websites, fake merchandise stores, fraudulent betting and streaming applications, malicious Android package files, social media impersonation accounts, fake recruitment campaigns, cryptocurrency scams, and credential theft operations.
The findings point to what researchers described as a growing cybercrime ecosystem built around the tournament rather than isolated scam campaigns.
Ticket scams remain a key concern
Among the most common tactics are counterfeit ticketing websites that mimic official FIFA pages and collect login credentials, personal information, and payment details from unsuspecting users.
Researchers also identified fraudulent ticket offers promoted through Telegram channels and underground forums. Some schemes bundled fake flight and hotel packages with counterfeit match tickets to make the offers appear more credible.
Beyond fake websites
FortiGuard Labs identified more than 1,700 suspected FIFA-related impersonation accounts and channels across social media and messaging platforms, with nearly 90 percent of the cases appearing on Facebook and Instagram.
These accounts can be used to distribute phishing links, promote fake ticket sales, advertise fraudulent livestreams, spread misinformation, and deliver malware. Because many scams appear within legitimate fan communities and discussions, users may be more likely to trust them.
The report also highlighted malware risks tied to unofficial betting, streaming, and score-tracking applications.
Researchers detected suspicious FIFA-themed Android package files and identified software disguised as betting tools that exhibited signs of malicious behavior.
Job seekers also face risks
The World Cup is expected to create demand for temporary workers, contractors, hospitality staff, logistics personnel, media support teams, and event-specific roles, creating another avenue for cybercriminals.
Researchers documented phishing campaigns that used fake FIFA-related job advertisements and sponsor recruitment posts to lure victims to counterfeit login pages designed to harvest credentials.
FortiGuard Labs also found evidence of FIFA-related activity in stealer log data, including more than 4,600 FIFA-associated URLs and over 270,000 credentials linked to users and fans visiting FIFA-related websites.
Bottom line
The report underscores the need for organizations and consumers to strengthen cybersecurity measures before tournament activity accelerates.
Security teams should monitor for brand impersonation, lookalike domains, credential leaks, phishing attempts, and malicious advertisements, while fans should use official ticketing channels, avoid third-party app downloads, verify job postings through trusted sources, and exercise caution when responding to urgent payment requests.
With global attention increasingly focused on the FIFA World Cup 2026, researchers warn that cybercriminals have already begun building the infrastructure needed to capitalize on the event’s massive digital audience. —Princess Daisy C. Ominga| Ed: Corrie S. Narisma
