FortiGuard flags surge in 2026 FIFA World Cup scams

• Researchers say more than 13,000 World Cup-related domains have been registered since January, nearly 9% of which appear suspicious, with most using .com to project legitimacy.

With the 2026 FIFA World Cup beginning this week, FortiGuard Labs warns of a sweeping rise in fraud targeting fans scrambling for tickets, streams, and tournament deals.

Researchers say more than 13,000 World Cup-related domains have been registered since January, nearly 9% of which appear suspicious, with most using .com to project legitimacy.

Scam tactics span copycat ticket portals that harvest card details, fake “create a FIFA ticket profile” pages that throw errors after siphoning passwords, and “Free World Cup 4K Live Stream Player” lures that deliver infostealers like Vidar, LummaC2, and RedLine. Once installed, these steal saved browser passwords and crypto wallet keys. FortiGuard notes a sharp spike in fraudulent domain registrations between March and May 2026 as kickoff neared.

Criminals are also exploiting FOMO and confusion around last-minute logistics. Telegram channels and social posts push “discounted” packages and streaming links, while bogus storefronts demand payments via bitcoin, bank wires, Apple Pay, Zelle, or CashApp—then generate fake invoices tied to generic email accounts.

Some portals claim long operating histories despite domains created only months ago. Researchers additionally tracked over 1,700 impersonation accounts across Facebook and Instagram and reported 270,430 leaked credentials, with some scams posing as football bodies and public authorities to boost credibility.

Safety tips for fans:

• Type official URLs directly; avoid links in unsolicited messages.
• Be skeptical of steep discounts or urgent countdowns.
• Check domain age and spelling; verify contact details and refund policies.
• Never bypass security warnings to install “players,” “betting trackers,” or browser extensions.
• Enable MFA, use unique passwords, and keep devices patched.
• Prefer secure payments with chargeback protection; avoid crypto and wire transfers for first-time sellers.

Authorities and platforms are urged to fast-track takedowns of fraudulent domains, monitor social impersonation, and coordinate with national CERTs as high-profile matches drive traffic spikes 1.