Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026
The FIFA World Cup 2026 is one of the most anticipated sporting events in history, and cyber criminals are already capitalizing on the excitement. As matches kick off across the United States, Canada, and Mexico, threat actors are flooding the internet with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal your money and personal data. This report breaks down the latest threat landscape so fans can stay safe while enjoying the beautiful game.
As the host countries of the FIFA World Cup 2026, the United States, Canada, and Mexico all recorded an increase in the weekly average number of cyber-attacks per organization in April 2026 compared to both March 2026 and April 2025. Mexico recorded the highest volume, with a weekly average of 3,548 cyber-attacks per organization, representing a 5% increase month over month (MoM), and a 4% increase year over year (YoY). Canada followed with a weekly average of 1,649 attacks per organization, marking a 12% increase compared to March 2026 and an 18% increase compared to April 2025. In the United States, organizations experienced a weekly average of 1,497 cyber-attacks, reflecting an 8% increase MoM and a 1% rise YoY.
When examining sectors most likely to be impacted by the FIFA World Cup 2026, the combined weekly average number of cyber-attacks per organization across the Media & Entertainment, Hospitality, Travel & Recreation, and Transportation & Logistics industries also increased across all three host countries in April 2026, compared to both March 2026 and April 2025.

Figure 1: Average weekly cyber-attacks per organization (April 2026)
Another notable trend is the surge in domain registrations containing “FIFA” or “World Cup” keywords over the past six months (November 2025–April 2026). Since February 2026, volumes have grown more than 4x in just two months, with April 2026 reaching 9,741 registrations, more than 5x the peak seen during the Qatar 2022 World Cup. This pattern suggests deliberate preparation activity ahead of the tournament, likely accelerated by AI tools and automation that allow attackers to spin up scam sites at scale.
The threat is already materializing. Even with a large portion of April domains still unclassified, Check Point Research found that 1 in every 65 domains has already been confirmed as suspicious or malicious. By early May, with the tournament still weeks away, that ratio had already worsened to 1 in every 41 domains, with 3,056 new domains registered in the first weeks of the month alone. As kick-off approaches, that number is only expected to climb.

Figure 2: Number of new domains containing “FIFA” or “World Cup” keywords from Nov 2025 to April 2026
Supporting this trend, Check Point identified a malicious domain, fifaofficialstore[.]shop, created in March 2026, which impersonates an official FIFA merchandise store. The website mimics a legitimate “FIFA Store”, offering World Cup 2026-themed products such as jerseys and souvenirs, while promoting discounts like “up to 80% off” and free shipping. Its professional design and use of official branding are intended to create a sense of legitimacy, likely aiming to trick users into making purchases and sharing personal or financial information.

Another example is the malicious domain, fifa2026guess[.]com, created in April 2026 to exploit the growing interest around the upcoming World Cup. The site, branded as a “2026 World Cup Forum,” presents a gamified platform where users can earn money by “voting” for teams such as Mexico, the United States, and Spain, promising returns like $3.00 daily profit for a $10.00 entry. It includes options such as “deposit,” “withdraw,” and “invite friends,” mimicking a legitimate rewards-based app, and is likely designed to lure victims into depositing funds and sharing personal or financial information.

In addition, Check Point identified numerous malicious domains created in recent months, most of which host World Cup 2026-themed betting sites, primarily in Chinese. One example is fortune-worldcup2026[.]com[.]cn, created in April 2026, which presents itself as an “official” betting platform offering sports betting, eSports, and lottery-style games, along with high bonuses and daily rewards, and includes calls-to-action such as “Download now” and “Free registration” to drive user engagement.

*The original website is in Chinese, and the screenshot shown has been translated into English.
Check Point Recommendations: Red Flags Every Fan Should Know
- Steep discounts on official merchandise: Offers like “up to 80% off” on jerseys or souvenirs are a hallmark of fake FIFA stores designed to steal payment details.
- Domains with “FIFA” or “World Cup” in the URL: Legitimate FIFA platforms use fifa.com. Unofficial domains mimicking official branding are almost always scams.
- “Vote to earn” or prediction games with cash promises: Platforms promising guaranteed daily profits for depositing funds (e.g. “$3/day for a $10 entry”) are fraudulent schemes built to harvest money and personal data.
- Requests to “Download now” or “Register free” on unfamiliar sites: Calls-to-action pushing app downloads or free sign-ups on newly created or unverified sites are common lures used to install malware or collect credentials.
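
For security teams who want to apply the domain red flag to their own proxy, DNS or newly-registered-domain feeds, the following is an added example (not Check Point's tooling) that refangs indicators, skips fifa.com and its true subdomains, and flags other hostnames containing the two tracked keywords. The single-entry allowlist, the keyword pattern and the example.* entries in the sample feed are assumptions made for illustration.

```python
import re

# Assumption: fifa.com is the only allowlisted base, per the report's
# statement that legitimate FIFA platforms use fifa.com.
OFFICIAL_BASES = ("fifa.com",)
# The two keywords the report tracks; an optional separator is tolerated.
KEYWORD_RE = re.compile(r"fifa|world[-_.]?cup")

def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [.]) into a plain lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^[a-z]+://", "", s)        # drop scheme, incl. hxxp/hxxps
    s = s.split("/", 1)[0].split("@")[-1]   # drop path and any userinfo
    return s.split(":", 1)[0].rstrip(".")   # drop port and trailing dot

def is_official(host: str) -> bool:
    """True only for an allowlisted base or a real subdomain of it."""
    return any(host == b or host.endswith("." + b) for b in OFFICIAL_BASES)

def triage(indicators):
    """Return (host, matched_keywords) for hosts that need analyst review."""
    flagged = []
    for raw in indicators:
        host = refang(raw)
        if not host or is_official(host):
            continue
        hits = sorted(set(KEYWORD_RE.findall(host)))
        if hits:
            flagged.append((host, hits))
    return flagged

# Constructed sample feed: the three domains named in the report plus
# made-up entries (example.* names are placeholders, not real indicators).
SAMPLE_FEED = [
    "fifaofficialstore[.]shop",
    "fifa2026guess[.]com",
    "fortune-worldcup2026[.]com[.]cn",
    "hxxps://www.fifa.com/tickets",
    "fifa.com.example.net",   # official name used only as a subdomain label
    "world-cup-tickets.example.org",
    "weather.example.com",
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_FEED):
        print(f"{host}\t{','.join(hits)}")
```

A keyword hit is a cue for review rather than a verdict, so route flagged hosts to reputation and registration-age checks before blocking.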



