Millions of football fans around the world are gearing up for the World Cup, and cybercriminals are seizing the moment to exploit the heightened interest. Experts at Kaspersky have uncovered various types of scams that mimic official tournament resources or leverage the event for unsafe purposes, putting users' data and finances at significant risk.
On one of the fraudulent websites discovered, users are offered the option to buy tickets for FIFA World Cup matches, with payments accepted in almost any currency. However, after completing the fake registration and payment steps, users risk not only losing money from their bank cards but also exposing sensitive personal data to attackers. The site uses the official colour scheme of the 2026 tournament to mislead users. In addition, the scammers offer ways to contact them, either directly on the site or via messaging apps.
Another website offers users the chance to purchase "official merchandise" for the 2026 tournament, featuring images of mascot plush toys and T-shirts, with a wide selection available for “purchase.” To make the offer more enticing, the site highlights steep discounts. Additionally, to appear more credible, the scammers have added a “Trusted store” badge at the bottom of the page, along with a registration form that requests personal and banking details.
An example of a phishing website offering to “purchase” tickets for the FIFA World Cup.
Another attack scenario involves fraudulent email campaigns, in which attackers attempt to trick users into sending money or click a phishing link. To increase the chances of engagement, the emails feature compelling subject lines and persuasive messaging. In one of the examples identified, fans received emails allegedly sent by official representatives of the event regarding a fake decision from a dispute resolution chamber. The link provided in the email leads to a phishing page.
An example of a fake website prompting users to buy FIFA 2026 merch.
In some cases, users are targeted with scam emails claiming they have “won” a $500,000 grant to cover tickets, flights, and accommodation, followed by instructions to contact the sender to claim the “prize” funds. Kaspersky also reports email spam and unsolicited ads related to the sale of competition-themed merchandise and souvenirs, some of them might turn out to be a scam.
Example of a blocked phishing email.
“Unfortunately, major sporting events that attract large audiences are never overlooked by scammers. Seemingly harmless or even appealing emails can often conceal not only dangerous links and malicious attachments. In some cases, careless interaction with such messages can lead to serious device infections. We recommend that users ignore any suspicious emails and websites to protect their financial assets and keep their devices and personal data secure,” says Anna Lazaricheva, senior spam analyst at Kaspersky.
To avoid falling victim to scam or phishing, Kaspersky advises users to:
- Check the authenticity of websites before entering personal data and only use official webpages. Double-check URL formats and organisations name spellings.
- Always choose official and reputable streaming platforms to protect your personal data from theft and misuse.
- Use a reliable security solution that identifies malicious attachments and blocks phishing links. To ensure advanced cyber protection against increasingly complex phishing threats, Kaspersky actively amplifies its consumer solutions with AI-powered scam protection. In 2025, Kaspersky Premium once again received the annual 'Approved' certification in Anti-phishing tests by the leading testing lab AV-Comparatives, highlighting the product’s strong, AI‑enhanced anti‑phishing capabilities.
- Enable multi-factor authentication and monitor accounts: Activate 2FA on IDs and financial apps, and regularly review statements for unauthorised activity
- Do not trust any links or attachments received by mail; double-check the sender before opening anything.
- Double-check e-shop websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?