Fake public Wi-Fi scams hit World Cup venues

If you're attending one of the 104 games at the 2026 World Cup, or even watching it at a fan event or bar, cybersecurity isn't likely to be on your mind. But maybe it should be, according to a new survey from ExpressVPN.As part of its inaugural World Cup Wi-Fi Risk Index, ExpressVPN surveyed 6,000 soccer fans from the U.S., UK, France, Germany, Spain, and Australia — and found that 70 percent of those surveyed would trust public Wi-Fi networks by their name alone."Fans stream matches from airport lounges, check scores in hotel lobbies, post from bars, buy food and merchandise from their seats, and move between public networks all day without much thought about who runs them," the company said in its report. "That habit is what makes the match day experience feel modern, and what makes the 2026 World Cup such a rich target for cybercriminals."

You May Also Like

According to ExpressVPN, cybercriminals would simply have to set up a fake public Wi-Fi network and name it after the venue in order to trick the vast majority of World Cup attendees to login and share potentially sensitive information. Of the 6,000 surveyed, 70 percent of those surveyed said they would trust public Wi-Fi named "MetLife_Stadium_WiFi" while at the venue of the same name, for example. Fewer than four in 10 fans said they would be able to tell the difference between a real official public Wi-Fi network and a fake one. How an 'evil twin' attack scores off fansThe fake public Wi-Fi scam, known as an "evil twin" attack, is one of the oldest in the book. A cybercriminal simply creates a fake hotspot posing as a legit public Wi-Fi network with an official sounding name. Venue attendees connect to the fraudulent network — after which, if they log in into any accounts, sensitive information gets intercepted.