You’ve received a World Cup ticket. The email contained a QR code, impressive branding, and looked authentic. However, it’s a counterfeit.
In recent years, identifying scams was often straightforward. Red flags like unusual email addresses, poor grammar, and typographical errors frequently signaled deception. However, during the 2026 FIFA World Cup, these indicators are becoming less apparent. Technology advancements, such as AI-generated websites, deepfake videos, and sophisticated phishing attempts, allow cybercriminals to closely mimic legitimate organizations.
With the United States, Canada, and Mexico set to cohost 104 matches across 16 cities, this World Cup is not only the largest in history but has also provided cybercriminals with abundant opportunities. Research indicates that over 13,000 FIFA-themed domains were registered between January and May 2026. Alarmingly, by early May, nearly one in 41 of these domains had been flagged as suspicious or malicious just as the tournament was about to commence.
FIFA projects that more than 6 million fans will attend matches. In an unprecedented turn, ticket requests exceeded 150 million within the first two weeks of the sales window, marking this event as approximately 30 times oversubscribed compared to prior tournaments.
“The World Cup presents an ideal scenario for scammers — it’s an event that’s celebrated and seems innocent, which often causes individuals to let their guard down,” states David Holtzman, chief strategy officer at Naoris Protocol, a cybersecurity and blockchain firm.
Phishing has been the predominant form of online scams for over a decade, with spear phishing—where attackers utilize accumulated data from various online platforms to craft personalized messages—posing a significant risk for World Cup attendees this year. The scale of threats is staggering. Research from cybersecurity company Group-IB has uncovered over 4,300 fraudulent domains masquerading as FIFA’s official website, along with several overlapping fraud schemes and independent threat actors operating in close proximity to the tournament.
Common scams reported include fake ticket sales, fraudulent immigration and visa services, as well as misleading accommodations. Fans have also been advised to be cautious of counterfeit merchandise and sites that mimic official tournament branding.
“The scams we witnessed in Qatar are appearing again, but with greater scale and refinement through AI,” Jammoul adds. The rise in scam prevalence over the last two years can be largely attributed to AI, which may not have entirely reinvented attack methods, but significantly improved the efficiency of attackers.
AI’s capability to generate highly personalized, professional-looking emails at scale, along with its assistance in crafting convincing fake websites, has broadened the threat landscape considerably. However, cybersecurity professionals are leveraging AI as a formidable defensive tool. By analyzing large datasets and identifying unusual activity, AI can flag suspicious domains and anticipate emerging threats. Yet, reliance on technology alone is inadequate.
Collaboration is becoming essential in the fight against cyber threats. Organizations are increasingly turning to partnerships among cybersecurity firms, platforms, and law enforcement agencies to counteract potential risks. For instance, Meta has engaged in initiatives aimed at disrupting organized scams targeting internet users. As this World Cup approaches, heightened vigilance and awareness are paramount for all stakeholders involved.