World Cup Fraud Is Becoming More Difficult to Detect

You’ve received a World Cup ticket. It showed up in your email with a QR code, professional branding, and a confirmation message that seemed legitimate. Sadly, it wasn’t.

In the past, identifying a scam was often straightforward. A questionable email address, poor language, or obvious mistakes typically raised red flags. However, as we approach the 2026 FIFA World Cup, these familiar warning signs are fading. AI-driven websites, deepfake media, fabricated audio, and convincing phishing schemes are making it increasingly easy for criminals to masquerade as legitimate organizations.

With the United States, Canada, and Mexico hosting 104 matches across 16 cities, this World Cup is set to be the largest in history, providing an unprecedented chance for cybercriminals.

Between January and May 2026, over 13,000 domains related to FIFA were registered. By early May, approximately one in 41 had been flagged as suspicious or malicious—before a single match had taken place, according to Tarek Jammoul, regional managing director at cybersecurity firm TrendAI.

FIFA estimates that upwards of 6 million fans will fill the stadiums to witness the tournament. In fact, more than 150 million tickets were requested during the first 15 days of the sales window, making this edition roughly 30 times oversubscribed compared to earlier tournaments.

“The World Cup presents an ideal opportunity for scammers—you couldn’t ask for a better scenario,” comments David Holtzman, chief strategy officer at Naoris Protocol, a cybersecurity and blockchain company. “This is soccer. It feels enjoyable and harmless, which lowers people’s defenses.”

For over a decade, phishing has been the most common type of online scam. Spear phishing—a targeted form where attackers utilize information from search engines, social media, and other online platforms to craft more believable messages—poses an even greater risk for World Cup supporters this year.

The scale of these operations is vast. Research conducted by cybersecurity firm Group-IB found over 4,300 fraudulent domains pretending to be FIFA’s official online presence, along with six parallel fraud schemes and four independent threat actors in operation prior to the tournament.

Frequent scams include fake ticket sales, deceptive immigration or visa services, and misleading accommodation offers. Fans are also advised to be cautious of counterfeit merchandise and websites mimicking official tournament branding.

“When we assisted the Qatar Supreme Committee for Delivery & Legacy (SCDL2022) [during the 2022 FIFA World Cup], the threats we identified were serious but still relatively noticeable—fraudulent ticket pages, survey scams offering free mobile data, and a malicious Android app promising live broadcasts, among others,” shares TrendAI’s Jammoul.

While the scams haven’t drastically changed, the technology behind them certainly has.

“At Qatar 2022, we encountered fake streaming domains, data-bait survey scams, and crypto schemes using footballers’ images. These categories are resurfacing now, but are larger and more AI-refined,” Jammoul states.

Scammers are Leveraging AI Too

“There has been an exponential rise in scams over the past two years, and AI plays a significant role,” says Holtzman from Naoris Protocol. Experts note that while AI isn’t creating entirely new attack methods, it is enhancing attackers’ efficiency beyond previous levels.

By generating highly personalized, professional-looking emails on a massive scale and assisting attackers in creating convincing fake websites, AI is greatly expanding the landscape of threats.

Simultaneously, AI is also becoming one of the most powerful tools in the cybersecurity industry’s arsenal. By analyzing extensive amounts of data and detecting unusual patterns, it can help in identifying suspicious domains and anticipating new threats. However, technology alone may not suffice.

Companies are increasingly depending on collaborative efforts among platforms, cybersecurity firms, and law enforcement to track potential threats. For instance, Meta has reported that it has engaged in initiatives like the Global Signal Exchange (GSE) and Fraud Intelligence Reciprocal Exchange (FIRE) to identify and disrupt coordinated scams targeting users.