Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
You have a World Cup ticket. It arrived in your inbox with a QR code, a professional logo, and a confirmation email that looks authentic. Unfortunately, that was not the case.
Over the years, seeing a confusion it was easy. A questionable email, broken English, or a common typo was often enough to arouse suspicion. But to 2026 FIFA World Cupthose old signs are disappearing. AI powered websites, deepfake videosfake audios, and phishing campaigns are making it easier than ever for criminals to pretend to be legitimate organizations.
With the United States, Canada, and Mexico featuring a combined 104 matches in 16 cities, the biggest World Cup in history has provided incredible opportunities for cybercriminals.
More than 13,000 FIFA-themed domains were registered between January and May 2026. By early May, about one in 41 had already been identified as suspicious or malicious—before a single match was played, according to Tarek Jammoul, director of domain management at cybersecurity firm TrendAI.
FIFA estimates that more than 6 million fans will fill the stadiums. In fact, more than 150 million tickets were requested within the first 15 days of the sales window alone, which made the print run approx. 30 times registered compared to previous games.
“The World Cup is a great opportunity for fraudsters – you can’t make it better,” says David Holtzman, chief technology officer at Naoris Protocol, a cybersecurity and blockchain company. “This is football, it’s fun and harmless, which reduces public safety.”
For more than ten years, phishing has been like the most common type Internet fraud. Spear phishing—a technique in which attackers use information gathered from search engines, social networks, and other online sites to create convincing messages—is posing a major threat to World Cup fans this year.
The scope of the work is huge. A study led by cybersecurity firm Group-IB revealed more than 4,300 cheat areas that impersonate FIFA’s online presence, including six similar cheating strategies and four independent threats that are taking place before the tournament.
Common scams include selling fake tickets, fraudulent immigration or visa-related services, and misleading accommodation facilities. Fans are also warned to be on the lookout for fake ads and websites that pretend to be popular in the sport.
“When we supported the Qatar Supreme Committee for Delivery & Legacy (SCDL2022) (for the 2022 FIFA World Cup), the threats we helped identify were serious but still common – fake websites, scams offering free mobile data, and a malicious Android app that promises live streaming, among others,” says TrendAI’s Jammoul.
The trick itself hasn’t changed much. The difference is the technology behind them.
“Pa Qatar 2022we saw fake fake domains, data-bait research scams, and crypto strategies using the image of football players. Those same teams are resurgent now, only bigger and more polished with AI,” says Jammoul.
Scammers Are Using AI Again
Holtzman, of Naoris Protocol, said: “There has been a huge increase in cyberspace in the last two years, and AI is a big reason. According to experts, AI is not creating new attack methods – it is making attackers more efficient than before.
By creating sophisticated, professional-looking emails at scale and enabling attackers to create fake websites, AI is increasing the threat level.
At the same time, AI is also becoming one of the most powerful defense tools in the cybersecurity industry. By analyzing large amounts of data and identifying unusual patterns, it can help identify suspicious areas and anticipate emerging threats. But technology alone is not enough.
Companies are increasingly relying on collaboration between platforms, cybersecurity companies, and law enforcement to keep up with potential threats. Meta, for example, claims to have worked through actions such as Global Signal Exchange (GSE) and Fraud Intelligence Reciprocal Exchange (FIRE) to identify and disrupt linked scams targeting users.
