World Cup Scams Grow Harder to Detect
▼ Summary
– AI-generated websites, deepfake videos, and convincing phishing campaigns are making World Cup scams harder to detect, replacing older warning signs like broken English or typos.
– More than 13,000 FIFA-themed domains were registered between January and May 2026, with roughly one in 41 flagged as suspicious or malicious before any matches.
– Over 6 million fans are expected to attend the 2026 World Cup, with ticket demand approximately 30 times higher than previous tournaments due to 150 million requests in 15 days.
– Common scams include fake ticket sales, fraudulent visa services, misleading accommodation offers, counterfeit merchandise, and websites impersonating official tournament branding.
– AI is enhancing scam efficiency by creating personalized, professional-looking emails and fake websites, while also serving as a defensive tool to detect suspicious patterns and threats.
A ticket for the World Cup lands in your inbox. It comes with a QR code, official-looking branding, and a confirmation email that mirrors the real thing. There’s just one problem: it’s a fake.
For years, identifying a scam was straightforward. A misspelled word, a garbled email address, or awkward phrasing were enough to set off alarm bells. But at the 2026 FIFA World Cup, those red flags have all but vanished. Thanks to AI-generated websites, deepfake videos, fabricated audio, and convincing phishing campaigns, criminals can now impersonate legitimate organizations with alarming precision.
The tournament, cohosted by the United States, Canada, and Mexico, spans 104 matches across 16 cities. It is the largest World Cup ever staged, and it has opened an unprecedented door for cybercriminals.
Between January and May 2026, more than 13,000 FIFA-themed domains were registered. By early May, roughly one in 41 had already been flagged as suspicious or malicious, according to Tarek Jammoul, regional managing director at cybersecurity firm TrendAI. And this was before a single match had kicked off.
FIFA projects that over 6 million fans will pack stadiums for the event. During the first 15 days of the ticket sales window alone, more than 150 million requests poured in, making this tournament approximately 30 times oversubscribed compared to previous editions.
“The World Cup is the perfect opportunity for scammers,you couldn’t create a better one,” says David Holtzman, chief strategy officer at Naoris Protocol, a cybersecurity and blockchain company. “This is soccer. It feels fun and harmless, which lowers people’s defenses.”
Phishing has been the dominant form of online scam for over a decade. But spear phishing, a more targeted variant where attackers mine search engines, social media, and other sources to craft hyper-personalized messages, poses an even greater danger to fans this year.
The scale of the operation is staggering. Research led by cybersecurity firm Group-IB uncovered more than 4,300 fraudulent domains impersonating FIFA’s official web presence. Alongside these, investigators identified six parallel fraud schemes and four independent threat actors operating before the tournament.
Common scams include fake ticket sales, fraudulent immigration or visa services, misleading accommodation offers, and counterfeit merchandise. Websites that mimic official tournament branding are also widespread.
“When we supported the Qatar Supreme Committee for Delivery & Legacy at the 2022 FIFA World Cup, the threats we helped identify were serious but still relatively recognizable,fake ticketing pages, survey scams offering free mobile data, and a malicious Android app promising live broadcasts, among others,” says TrendAI’s Jammoul.
The scams themselves have not changed dramatically. What has changed is the technology behind them.
“At Qatar 2022, we saw fake streaming domains, data-bait survey scams, and crypto schemes using footballers’ likenesses. Those same categories are staging again now, only larger and more AI-polished,” Jammoul explains.
The Scammers Are Using AI Too
“There’s been an astronomical increase in scams over the past two years, and AI is a big reason why,” says Holtzman. According to experts, AI is not inventing entirely new attack methods. Instead, it is making attackers far more efficient.
By generating highly personalized, professional-looking emails at massive scale and helping criminals build convincing fake websites, AI is dramatically expanding the threat landscape.
At the same time, AI is becoming one of the cybersecurity industry’s most powerful defensive tools. By analyzing vast amounts of data and detecting unusual patterns, it can help identify suspicious domains and anticipate emerging threats. But technology alone may not be enough.
Companies are increasingly relying on collaboration between platforms, cybersecurity firms, and law enforcement to track potential threats. Meta, for example, says it has worked through initiatives such as the Global Signal Exchange (GSE) and Fraud Intelligence Reciprocal Exchange (FIRE) to identify and disrupt coordinated scams targeting users.
(Source: Wired)
