World Cup scams are becoming more difficult to spot

I’ve got it World Cup ticket. It’s arrived in your inbox with a QR code, professional branding, and a confirmation email that looks like it’s real. Unfortunately, it wasn’t.

For years, spotting a scam was relatively simple. A suspicious email address, incorrect English, or an obvious typo is often enough to raise suspicions. But at the 2026 FIFA World Cup, those old warning signs disappear. AI-generated websites, deepfake videos, fabricated audio recordings, and disguised phishing campaigns make it easier than ever for criminals to impersonate legitimate organizations.

With the United States, Canada and Mexico hosting 104 matches in 16 cities, the largest World Cup in history has created an unprecedented opportunity for cybercriminals.

More than 13,000 FIFA domains were registered between January and May 2026. By early May, roughly one in 41 domains had been identified as suspicious or malicious — before a single match had been played, according to Tarek Jammoul, regional managing director at cybersecurity firm TrendAI.

FIFA estimates that more than 6 million fans will fill the stadiums to watch the tournament. In fact, more than 150 million tickets were ordered during the first 15 days of the sales window alone, making this edition approximately 30 times surplus compared to previous tournaments.

“The World Cup is a perfect opportunity for fraudsters, and you can’t create a better one,” says David Holtzman, chief strategy officer at Naoris Protocol, a cybersecurity and blockchain technology company. “That’s football. It’s fun and harmless, which lowers people’s defenses.”

For more than a decade, phishing has emerged as the most prevalent type of online scam. Phishing – a more targeted form of phishing in which attackers use information gathered from search engines, social media and other online sources to create more persuasive messages – poses a greater threat to World Cup fans this year.

The scale of the operation is enormous. Research by cybersecurity firm Group-IB identified more than 4,300 fraudulent domains impersonating FIFA’s official web presence, along with six parallel fraud schemes and four independent threat actors operating ahead of the tournament.

Common scams include fraudulent ticket sales, fraudulent immigration or visa-related services, and misleading offers of accommodation. Fans are also warned to be on the lookout for counterfeit merchandise and websites impersonating the tournament’s official branding.

“When we supported the Supreme Committee for Delivery and Legacy in Qatar (SCDL2022) [at the 2022 FIFA World Cup]The threats we helped identify were serious but still relatively recognizable, says TrendAI’s Jamul, such as fake ticket pages, survey scams offering free mobile data, and a malicious Android app promising live streaming, among others.

The scams themselves have not changed significantly. The difference is the technology behind them.

“In Qatar 2022, we saw fake streaming domains, doxxing scams, and encryption schemes using images of footballers,” Jammoul says. “These same categories are emerging again now, only bigger and more AI-savvy.”

Scammers also use artificial intelligence

“There has been an astronomical increase in scams over the past couple of years, and AI is the main reason behind that,” says Naoris Protocol’s Holtzman. According to experts, AI does not invent completely new attack methods, but rather makes attackers much more efficient than they were before.

By creating highly professional emails at scale and helping attackers create convincing fake websites, AI is dramatically expanding the threat landscape.

At the same time, AI has also become one of the most powerful defensive tools in the cybersecurity industry. By analyzing massive amounts of data and detecting unusual patterns, it can help identify suspicious areas and anticipate emerging threats. But technology alone may not be enough.

Businesses increasingly rely on collaboration between platforms, cybersecurity companies, and law enforcement to track potential threats. Meta, for example, says it has worked through initiatives such as the Global Signal Exchange (GSE) and the Fraud Intelligence Reciprocal Exchange (FIRE) to identify and disrupt coordinated scams targeting users.