Seville, Spain
Seville, Spain
+(34) 624 816 969
The World Cup not only brings the planet to a standstill every four years but also becomes a golden opportunity for cybercriminals. While fans search for tickets, live streams, or exclusive promotions, digital threats grow in parallel. From phishing and adware to fake ticket scams, the tournament has become a true cyber battlefield.
Attackers exploit the excitement and urgency of the moment to launch massive campaigns. According to Netskope Threat Labs, phishing sites and adware using the event as bait were already detected before the World Cup began, employing SEO techniques to attract victims. “Many of these sites were long-running campaigns that opportunistically adopted the World Cup brand image,” explains Vini Egerland, senior security analysis engineer at Netskope.

With the start of the tournament, the landscape changed. Netskope observed a gradual increase in malicious traffic in the days leading up to it, followed by a peak that was more than four times the previous average. “Since then, the figure has remained well above pre-tournament levels,” the company notes. Geographically, Spain and Uruguay account for more than half of visits to World Cup-related malicious content, followed by the United Kingdom, the United States, Canada, and Mexico. The common denominator: all are participating in the tournament.
Table of contents [Show]
Corey Nachreiner, CSO of WatchGuard Technologies, highlights that the first advantage cybercriminals exploit is not technical but psychological. “During a World Cup, fans want to get a ticket before it sells out, find a stream for a match about to start, or take advantage of a seemingly exclusive promotion. The attacker then introduces an element of pressure: ‘last tickets,’ ‘offer available for ten minutes,’ or ‘confirm your payment now.’”
The combination of emotion, scarcity, and urgency leads users to verify less. Criminals know this and use emails, text messages, search engine ads, social media, or QR codes to direct victims to pages that mimic FIFA, ticket sales platforms, or streaming services. The goal: obtain payments for nonexistent products, steal credentials, or install malware.

Fake tickets remain the main threat. From unauthorized resale sites to sellers selling the same ticket to multiple people, to digital tickets with fake or already used QR codes. Added to this are pages that mimic the image of official organizations, “free” streams that require creating accounts or installing malicious extensions, fake giveaways and promotions, unofficial merchandise stores, and fraudulent accommodation or travel offers.
“The format varies, but the pattern is the same: an attractive offer, a very short deadline, and a request for money or information,” summarizes Nachreiner. Carlos Vieira, head of Hornetsecurity in Spain and Portugal, adds that the most profitable attack is to deceive a person, whether a fan or employee, who can compromise corporate credentials or commit financial fraud. Therefore, he recommends protecting email with advanced tools, using multi-factor authentication (MFA), applying strict financial controls, and training employees.
Santiago Pontiroli, team leader at Acronis TRU, explains that AI is lowering the barriers for attackers. “Today, it is possible to generate web pages practically identical to official ones, create personalized messages in different languages, or automate malicious code campaigns on a large scale in minutes.” However, AI also becomes a key tool for defense, enabling the detection of anomalous behaviors and rapid response.
Major sporting events bring together three elements that cybercriminals seek: trust, urgency, and volume. “Users trust brands associated with the event, feel pressure to access quickly, and there is a huge concentration of digital activity in a few days,” says Pontiroli. Additionally, the World Cup’s digital ecosystem is broad and temporary, which can reduce the time to integrate security from the start.

Vini Egerland advises going to the official FIFA store at FIFA.com to buy tickets and products. “Do not buy tickets through Telegram, WhatsApp, or social media groups, and be careful with payment scams, such as those made through Bizum.” For streaming matches, he recommends using rtve.es or DAZN, and distrusting pages that ask for complicated procedures or downloads.
From Meta, Julia Franz offers these guidelines: use only official channels, distrust offers that are too good to be true, verify account names and URLs, strengthen security with two-step authentication, and report suspicious content. Paco Guirado, from Kyndryl Spain, concludes: “The sophistication of scams is growing, and preventive behavior remains the most effective defense. Stopping, verifying, and using official channels significantly reduces the risk of fraud.”
To delve deeper into how technology and security intertwine in other contexts, we recommend reading our analysis on The Real Estate Business of AI and how Workday and AI protect valuable data. You can also explore the concept of context debt and the practices of ethical hacking for businesses.
Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.