As the 2026 World Cup gets underway, the biggest sporting tournament on the planet is expected to attract billions of viewers, as well as hundreds of thousands of fans attending matches in the United States, Mexico and Canada.
However, the event also promises to be a breeding ground for online scammers and hackers, who will seek to capitalize on the enthusiasm to deceive unwary victims.
Here’s our guide to spotting the most dangerous scams and tricks online during the World Cup – and how to stay safe.
Fake streaming sites and apps
With the event taking place across the Americas and multiple time zones, and with entry into some of these countries already proving difficult, many fans will be forced to watch their country on TV or online.
Hackers take advantage of this by launching fraudulent streaming platforms, which may offer free or discounted access to matches, but are designed to steal login credentials, payment information or personal data.
Unofficial streaming sites are also often filled with deceptive ads that can redirect users to phishing pages or trigger malware downloads. Cybercriminals may distribute unofficial apps that appear to offer match coverage, but instead install malware or spyware on users’ devices.
Security researchers at Arctic Wolf have warned that, with timing issues proving tricky for many fans, many will be looking for last-minute viewing options, and so some malicious sites recruit subscribers with the promise of posting a “free stream” link (pictured above) five minutes before the start of each match, but are then designed to explode at the last moment after luring in victims.
Even legitimate services can be at risk, as popular streaming services are frequent targets of credential stuffing attacks, where usernames and passwords stolen in previous breaches are used to access accounts.
So the name of the game – be on your guard when searching for streams online, and if an offer appears to be real – it probably is.
Online ticket scams
With World Cup tickets in high demand from desperate fans and FIFA drawing widespread criticism for the exorbitant prices introduced for this tournament, fans may understandably try to turn to alternative sources.
However, this may not be a good idea, as fans may encounter fake tournament-related promotions, rewards, or subscription offers designed to collect personal information or payment details.
Arctic Wolf reported a campaign using a ticket lure including a JPEG lure to distract the victim. However, when clicked, information-stealing malware is dropped onto the victim’s device, where it collects browser secrets such as cookies, saved passwords, autofill and payment profile data, browsing and search history, email and session materials, clipboard contents and a desktop screenshot, Wi-Fi profiles and saved passwords, as well as a wide range of application credentials.
Fake domains
Besides more blatant scams, criminals are also busy preparing and running fake websites, again pretending to host giveaways or ticket deals, but in reality they will only steal valuable personal data.
Arctic Wolf found that since January 2026, more than 10,000 new domains have been registered as part of the World Cup, or around 2,000 new domains per month – many of which are legitimate, but the temptation is just too much for some scammers.
Cyfirma experts also reported that these sites increased in August and September 2025, as scammers tried to prepare early, with peak registrations exceeding 300 domains per day.
They warn that cloned FIFA interfaces can be combined with fake customer support channels or AI-generated phishing emails to increase legitimacy and improve victim conversion rates.
Unfortunately, the increase in AI-generated content will also increase the likelihood of highly convincing multilingual scams targeting international audiences.
“Going forward, organizations supporting the 2026 FIFA World Cup should expect a dynamic threat environment in which cybercrime, hacktivism, disinformation and state-linked cyber activities increasingly overlap,” the experts note.
“Continuous threat intelligence collection, proactive monitoring of malicious infrastructure, and coordinated cybersecurity efforts between public and private sector stakeholders will be critical to identifying emerging threats and maintaining operational resilience throughout the tournament lifecycle. »
Real World Problems and Hacks
Even during games, you can still be at risk, as criminals may try to exploit the excitement of being at the tournament to target those who let their guard down.
Fans should especially be careful of unverified public Wi-Fi networks, as areas such as airports, hotels, stadiums and fan zones often become hotspots for malicious Wi-Fi networks designed to intercept credentials or redirect users to malicious websites.
The increase in the use of QR codes has also led to an increase in QR code scams, sometimes called “quishing.” These attacks can trick users into visiting fake sites offering tickets or gifts that ask for personal information or payment details.
Arctic Wolf notes that quishing even targets tournament organizers, with one scam targeting employees working on games held in the US city of Philadelphia.
The team found a specially designed PDF titled “Employee Handbook – Understanding Jobs at the 26 FIFA World Cup in Philadelphia,” decorated with the Liberty Bell and a credible HR layout, and metadata names the city’s legitimate tourism organization (discoverphl.com) and an intended recipient inside.
However, the document ends by asking the victim to scan a QR code “to access the digital version of the manual”, accompanied by a user-friendly step-by-step guide to opening their camera and tapping the (malicious) link.
So the message is: no matter who you are or where you look, be on the lookout for potential scams, or the only goal you might face is your own.
