The 2026 World Cup is in full swing in the United States, Mexico, and Canada, with 48 teams and 104 matches until July 19. But for cybercriminals, the tournament began well before kickoff.
More than 13,000 domain names linked to the World Cup have reportedly been registered within five months, with about 9% considered suspicious or malicious. More than 270,000 compromised credentials have already been reported in connection with scams targeting ticketing, fake websites, and platforms used by fans.
The zLabs research team (Zimperium) has identified three major mobile phishing campaigns exploiting this excitement:
- Fake ticket-selling websites
- Fake promotions for official jerseys
- Fraudulent job offers posted in the name of FIFA
Scammers vs. fans: Who is in the lead?
A group nicknamed Ghost Stadium by researchers is reportedly operating more than 300 phishing pages on its own that imitate the FIFA login screen. Some of these pages go as far as loading visuals directly from official servers to appear genuine.
Thousands of fake World Cup 2026 ticketing websites imitating the official platform have also been recorded, as well as fake accounts on social media, notably on Facebook and Instagram.
Fraudulent streaming, the 4th type of threat
Streaming applications(new window) have become one of cybercriminals’ favorite playgrounds. Behind pirated streaming applications that claim to broadcast matches live, some actually conceal Android banking trojans, such as:
- Massiv, spotted in February 2026 and active in France, Spain, Portugal, and Turkey.
- BTMOB, detected in May 2026 and offered as a turnkey service that lowers the technical barrier for cybercriminals.
These fake services replicate the interface of legitimate platforms while capturing banking credentials and keystrokes.
How to stay safe while enjoying the 2026 World Cup
Each threat calls for a different response. Here are some tips you can follow to stay safe while watching the 2026 World Cup(new window):.
Secure your online transactions
Ticket purchases and peer-to-peer resale are prime opportunities for scammers to harvest your banking data.
1. Against fake FIFA tickets and fraudulent resale
Buy your tickets only on the official FIFA website and systematically verify the URL before entering your payment information. For peer-to-peer resale, favor payment by bank card with validation (SMS code or banking app) rather than a wire transfer or gift card, which are impossible to recover once sent.
With Proton Pass, you can generate a different email alias for each account created on a ticketing or resale website, to limit exposure of your primary address in case of a leak, and create a unique, strong password for each account.
2. Against mobile phishing (SMS, WhatsApp, social media)
For better World Cup 2026 mobile security, do not click on links received by SMS or WhatsApp claiming to be from FIFA or official sponsors, and never share this type of link with your contacts to “unlock” a gift or offer.
Proton Mail automatically flags suspicious senders and spoofing attempts in your email, allowing you to spot these fraudulent messages before responding. In addition, you can enable two-factor authentication (2FA) on your sensitive accounts with Proton Pass: Even if a password leaked, your accounts remain protected thanks to this second layer of security.
Protect your downloads and streaming
1. Against fake streaming applications
Only download apps from official stores (Google Play, App Store) and beware of applications promising free access to matches outside recognized platforms.
If your usual broadcaster is inaccessible from abroad, Proton VPN allows you to maintain that access and enjoy your subscription, rather than turning to an unofficial website or application. You can thus watch the entire World Cup via streaming(new window) securely and privately with a VPN(new window), in your own language, just as you would at home — wherever you are.
2. Against public WiFi risks
Public WiFi(new window) networks in hotels, airports, or fan zones can expose your data through fraudulent access points. Proton VPN allows you to encrypt your connection on these networks to secure your access in all circumstances.
Avoid World Cup 2026 scams with Proton VPN
The World Cup remains an unmissable sporting event that brings together fans from around the world. The constant evolution of new technologies and their exploitation by cybercriminals should not stop you from lifting the trophy.
Proton is offering up to 70% off for all 2026 World Cup supporters! Put on the jersey and take to the field securely and confidentially throughout the tournament and beyond.
For journalists covering the 2026 World Cup, security starts before you travel.
