Cybercriminals Are Targeting the FIFA World Cup 2026
FortiGuard Labs, Thursday, June 4th, 2026
Cybercriminals are exploiting FIFA World Cup 2026 demand with phishing, fake ticketing, malware, and credential theft.
FortiGuard Labs research reveals that cybercriminals have already deployed infrastructure to exploit the FIFA World Cup 2026, with over 13,000 FIFA-themed domains registered from January to May 2026, of which 8.8% are malicious or suspicious.
Threat actors are running multiple attack campaigns including phishing and fake ticketing websites, social media impersonation accounts (1,700+ detected), malicious apps and APK files, and credential-stealing schemes targeting job seekers. The research identified over 4,600 FIFA-related URLs in stealer logs and exposed credentials from over 270,000 users and fans, along with FIFA employee credentials.
These threats exploit fan behavior patterns such as urgency to purchase tickets, desire to stream matches, and interest in job opportunities, creating a comprehensive cybercrime ecosystem around the tournament.