The FIFA World Cup 2026 has become a major target for cybercriminals even before the first ball has been kicked. A new threat landscape report from Fortinet has revealed that attackers have already built a large network of scams, phishing campaigns, and malware operations designed to exploit the excitement surrounding the world’s biggest football tournament. Researchers found that cybercriminal activity linked to the World Cup has been growing steadily for months.
According to findings from FortiGuard Labs, more than 13,000 World Cup-themed internet domains were registered between January and May 2026. Nearly 8.8% of those domains were identified as malicious or suspicious. The report suggests that threat actors are preparing well in advance to take advantage of fans.
Fake ticket sites and social media scams create major risk for fans ahead of FIFA World Cup 2026
Ticket-related fraud remains one of the biggest threats during the World Cup. Cybercriminals are creating fake websites on domains that closely resemble official FIFA ticketing portals. These fake pages are designed to steal personal information, login credentials, and payment details. Many of them use urgent messages, such as "last call" notices, to pressure users.
Researchers also discovered fake checkout systems that look almost identical to legitimate ticket purchasing platforms. This makes it harder for users to identify scams before entering sensitive information.
The threat extends beyond ticket sales. More than 1,700 suspected fake social media accounts have been identified across Facebook and Instagram. These accounts are being used to spread phishing links, along with fake livestream offers, fraudulent promotions, and unofficial ticket resale schemes.
The report also highlights a rise in fake job opportunities linked to the tournament. Criminals are posing as recruiters, sponsors, and event partners to attract job seekers. Victims are then directed to counterfeit login pages designed to steal Google and other online account credentials.
Another concern is the availability of stolen credentials. FortiGuard Labs identified thousands of FIFA-related entries within malware logs connected to well-known information-stealing malware families. These exposed credentials can be used for account takeovers, credential stuffing attacks, and targeted phishing operations.
Fortinet researchers said the findings show that cybercriminals began preparing months before the tournament started. They noted that attackers have developed phishing networks, impersonation campaigns, malware distribution systems, and credential theft operations to exploit the massive global attention surrounding the World Cup.
The researchers added that fans should strengthen password security, improve monitoring systems, educate users about online threats, and prepare early because industries ranging from travel and hospitality to finance, retail, media, and critical infrastructure could all become targets during the tournament.
