LONDON: Football fans will receive FIFA World Cup ticket pre-sale notifications next week and cybercriminals are already preparing to spoil someone’s excitement.

New research from Check Point® Software has uncovered a coordinated digital fraud campaign targeting the 2026 World Cup.

In the past 60 days alone, threat actors have registered more than 4,300 spoof domains referencing FIFA, the World Cup and host cities.

These domains form the backbone of a sophisticated ecosystem designed to mimic official portals, sell counterfeit tickets, and disseminate malware-laced streams.

Key findings include:

Domain bursts coincide with FIFA announcements, suggesting the use of automation and fraud kits;

Telegram and dark-web channels already promoting “exclusive” ticket offers;

Botnets being trained to target FIFA’s ticketing systems, inflate prices, and scalp inventory; and

Scams are multi-lingual, geo-targeted and built to scale, just like the tournament.

Amit Weigman from Check Point Software Technologies said: “This isn’t phishing in isolation. It’s fraud as infrastructure, designed to grow alongside FIFA 2026.”

Research report here: https://blog.checkpoint.com/executive-insights/playing-offside-how-threat-actors-are-warming-up-for-fifa-2026/

####