FIFA World Cup 2026 cyber scams target fans across North America
Security firms Fortinet and Check Point have identified more than 13,000 internet sites referencing the 2026 FIFA World Cup that were registered between January and May, with roughly 8 % classified as malicious or suspicious. These sites lure fans searching for information, tickets, merchandise or travel packages, then harvest payment details, personal data and login credentials.
Fraudsters also use Telegram, Facebook, Instagram and X to promote fake travel bundles, counterfeit tickets and illegitimate betting applications, often embedding Trojan‑type software. About 1,700 bogus social‑media profiles have been created to impersonate official FIFA accounts, spread misinformation and conduct phishing attacks. In response, US and Canadian authorities have issued warnings urging the public to verify website authenticity and avoid providing sensitive information.
The campaigns exploit the excitement and urgency surrounding the tournament, which will be held in 16 cities across the United States, Canada and Mexico, and mirror similar fraud spikes seen during previous major sporting events.