Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026
Check Point, Thursday, June 4th, 2026
Threat actors are pre-positioning fraud, ransomware, and fake apps targeting FIFA 2026's financial, travel, and gambling sectors.
As FIFA World Cup 2026 approaches on June 11, Check Point Research has identified a coordinated cyber threat campaign targeting the tournament's financial ecosystem, transportation infrastructure, and gambling sector.
Threat actors have already built and deployed malicious infrastructure including crypto rug-pull scams, phishing domains impersonating hotels and travel platforms, and over 35 fake sportsbook apps on Google Play.
The research reveals that more than one-third of official FIFA partners lack sufficient DMARC enforcement, leaving them vulnerable to business email compromise and payment fraud. With 16 host cities across the US, Canada, and Mexico attracting billions of viewers and unprecedented transaction volumes, the attack surface is larger than any prior tournament, and organizations must strengthen their security posture before the tournament goes live.