Starting June 11, the FIFA World Cup 2026 will unite fans, teams, sponsors, broadcasters, hospitality providers, and businesses in one of the world’s largest sporting events. It also presents a significant opportunity for cybercriminals.
Major international sporting events create great anticipation, attract high search volume, evoke strong emotions, and drive large volumes of digital transactions. Fans are searching for tickets, travel offers, merchandise, live streams, betting sites, job openings, and event updates. Meanwhile, organizations are busy with logistics, staffing, travel arrangements, customer service, media tasks, and coordinating with third parties. Threat actors have anticipated these scenarios and have already started exploiting them.
New research from FortiGuard Labs reveals that cybercriminal infrastructure linked to the FIFA World Cup 2026 is already operational. From January to May 2026, more than 13,000 new FIFA World Cup 2026–themed domains were registered. And about 8.8% of these domains have been identified as malicious or suspicious through pattern analysis and scam activity.
That volume shows that threat actors are not waiting for the opening match. They are already here.
