FIFA World Cup 2026 hype kicks off fraud, fake apps, and ransomware targeting fans and businesses

News
By published

Hackers have been preparing longer than the footballers

A detailed view of the FIFA World Cup Trophy during the VIP Welcome Reception ahead of the FIFA World Cup 2026 Official Draw at John F. Kennedy Center for the Performing Arts on December 04, 2025
(Image credit: Michael Regan - FIFA/FIFA via Getty Images)
  • Scammers pre‑position FIFA World Cup infrastructure
  • Fraud spans finance, travel, gambling sectors
  • Businesses urged to prepare before tournament begins

Scams themed around the FIFA World Cup 2026 will peak, as one might expect, just before and during the world cup. However, in order to maximize the efficiency of these scams, the fraudsters need a lot more time.

This is according to cybersecurity researchers Check Point Research who, in a new blog post, said that scammers have been positioning for months now, focusing on three key pillars: finance, travel and hospitality, and gambling. Now, as the World Cup is about to begin, the infrastructure for scams is “already built” and most of the fraudulent sites already live.

“The financial ecosystem around any mega-event is exactly the kind of environment threat actors prefer,” CPR explains. “Surging transaction volumes, unfamiliar merchants, compressed purchasing windows, and international flows all reduce the scrutiny that normally slows fraud down.”

Latest Videos From

Lacking DMARC enforcement complicates things

Match tickets might be scarce, but there will be an abundance of scams. Shady cryptocurrency tokens, with no affiliation with FIFA, with a completely anonymous team, and no use case, are already circulating.

Fake hotels, ticketing sites, and even merchandise sellers, are everywhere. To make matters worse, legitimate business partners aren’t helping either - a third of them lack sufficient DMARC enforcement, which means they can be easily spoofed by cybercriminals.

For CPR, this means one thing - to protect their good name, as well as the wellbeing of their customers, businesses must do the same thing criminals are doing - prepare well in advance.

“Threat actors are already pre-positioning infrastructure, test entry points, and activate campaigns at moments of peak visibility and operational pressure. By the time the tournament is live, the window for preparation will have largely closed,” they said. “For organizations, this means preparation must happen before the tournament begins.”

Now the key question is - is your business ready for the next 30 days?

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.