Ticket scams, fake streaming websites and dodgy domains: the security threats facing football fans ahead of the World Cup 2026
Date:
Thu, 11 Jun 2026 15:05:00 +0000
Description:
We take a look at some of the biggest threats facing fans at the World Cup 2026.
FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter As the World Cup 2026 kicks
off, the planet's biggest sporting tournament is set to draw in billions of viewers, as well as the hundreds of thousands of fans attending games across the USA, Mexico and Canada.
However the event is also set to be fertile ground for online scammers and hackers, who will be looking to capitalize on the excitement to trick unwary victims. Here's our guide to spotting the most dangerous scams and tricks online during the World Cup - and how you can stay safe. Latest Videos From Watch full video here: Fake streaming websites and apps With the event taking place across the American continent and time zones, and entry to some of
these countries already proving difficult, many fans will be forced to watch their country on broadcast television, or online.
Hackers are taking advantage of this by launching fraudulent streaming platforms, which may offer free or discounted access to matches, but are designed to steal login credentials, payment information, or personal data. You may like 'This enormous demand...has made the football tournament a
magnet for fraud': Experts warn scammers are ramping up their work ahead of the FIFA World Cup 2026 here's how to avoid being hit One month out from the World Cup, and scammers are already targeting fans FIFA websites spoofed by hackers ahead of 2026 World Cup, FBI warns
Unofficial streaming sites are also often filled with deceptive
advertisements that can redirect users to phishing pages or trigger malware downloads, and cybercriminals may distribute unofficial apps that appear to offer match coverage but instead install malware or spyware on users'
devices. (Image credit: Arctic Wolf) Arctic Wolf security researchers have warned that, with timing issues proving tricky for lots of fans, many will be searching for last-minute viewing options, and so some malicious sites
recruit subscribers with a promise to drop a free stream link (pictured
above) five minutes before each match begins, but then are designed to detonate at the last moment after luring victims in. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Even legitimate services may be at risk, as popular streaming services are frequent targets for credential-stuffing attacks, where stolen usernames and passwords from previous breaches are used to gain access to accounts.
So the name of the game - be on your guard when searching for online streams, and if an offer seems to good to be true - it probably is. Online ticket
scams (Image credit: CYFIRMA) With World Cup tickets in high demand by desperate fans, and FIFA attracting widespread criticism for the eye-watering prices introduced for this tournament, fans may understandably try turning to alternative sources. What to read next FIFA World Cup 2026 hype kicks off fraud, fake apps, and ransomware targeting fans and businesses 7 in 10 World Cup football fans are ready to put their digital privacy at risk, warns ExpressVPN World Cup 2026: how mobile networks can avoid cybersecurity chaos at kick-off
However this may not be a great idea, as fans may encounter fake promotions, prize giveaways, or subscription offers tied to the tournament that are designed to collect personal information or payment details.
Arctic Wolf flagged one campaign using a ticket lure that includes a decoy JPEG to distract the victim, however when clicked on, an infostealer malware is dropped onto a victim's device, where it harvests browser secrets such as cookies, saved passwords, autofill and payment-profile data, browsing and search history, messaging and session material, clipboard contents and a desktop screenshot, saved Wi-Fi profiles and passwords, and a wide range of application credentials. Fake domains Along with more blatant scams,
criminals are also busy preparing and running fake websites, again purporting to host ticket giveaways or offers, but in reality will just be stealing valuable personal data.
Arctic Wolf found that since January 2026, more than 10,000 new domains were registered under the broad umbrella of the World Cup, approximately 2000 new domains per month - many of which are legitimate, but the temptation is just too much for some scammers.
Experts from Cyfirma also reported such sites actually spiking in August and September 2025, as scammers tried to prepare early, with peak registrations exceeding 300 domains per day.
They warn that cloned FIFA interfaces may be combined with fake customer support channels or AI-generated phishing emails to increase legitimacy and improve victim conversion rates.
Unfortunately, the rise in AI-generated content will also further increase
the likelihood of highly convincing multilingual scams targeting
international audiences.
"Looking ahead, organizations supporting the FIFA World Cup 2026 should anticipate a dynamic threat environment where cybercrime, hacktivism, disinformation, and state-linked cyber activity increasingly overlap," the experts note .
"Continuous threat intelligence collection, proactive monitoring of malicious infrastructure, and coordinated cybersecurity efforts across public and private sector stakeholders will be essential to identifying emerging threats and maintaining operational resilience throughout the tournament lifecycle." Real-world issues and hacks Even at the games, you may still be at risk, as criminals may try and exploit the excitement of being at the tournament to target those letting down their guard.
In particular, fans should watch out for unverified public Wi-Fi networks, as areas such as airports, hotels, stadiums, and fan zones often become hotspots for rogue Wi-Fi networks designed to intercept credentials or redirect users to malicious websites.
The rise in QR-code usage has also led to an increase in QR-code scams, sometimes referred to as "quishing." These attacks can trick users into visiting fake sites offering tickets or giveaways that request personal information or payment details.
Arctic Wolf notes that quishing is even targeting the organizers of the tournament, with one scam targeting employees working on the games being held in the US city of Philadelphia.
The team found a purpose-built PDF entitled Employee Handbook Understanding employment at FIFA World Cup 26 Philadelphia, styled with the Liberty Bell
and a credible HR layout, and metadata names the citys legitimate tourism organization (discoverphl.com) and an intended recipient inside.
However, the document ends by asking the victim to scan a QR code to access the digital version of the handbook, complete with a friendly step-by-step guide to opening their camera and tapping the (malicious) link.
So the message is - it doesn't matter who you are, or where you're watching, be on the lookout for potential scams, or the only own goal you could be facing is your own.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/ticket-scams-fake-streaming-websites-an d-dodgy-domains-the-security-threats-facing-football-fans-ahead-of-the-world-c up-2026
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)