A ticket for the 2026 FIFA World Cup arrived in a fan’s inbox with a QR code and professional branding, yet it was fake.
Spotting a scam used to be simple. A suspicious email address, poor grammar, or a typo was often enough to raise alarm. At the 2026 tournament hosted by the United States, Canada and Mexico, those old warning signs are vanishing. AI-generated websites, deepfake videos, fabricated audio and convincing phishing campaigns allow criminals to impersonate legitimate organisations with unprecedented ease.
The event features 104 matches across 16 cities. This scale has created a unique opportunity for cybercriminals.
More than 13,000 FIFA-themed domains were registered between January and May 2026. By early May, roughly one in 41 had been identified as suspicious or malicious, before a single match was played, according to Tarek Jammoul, regional managing director at cybersecurity firm TrendAI.
FIFA estimates more than 6 million fans will fill stadiums. More than 150 million tickets were requested within the first 15 days of the sales window alone. This makes the edition approximately 30 times oversubscribed compared to previous tournaments.
“The World Cup is the perfect opportunity for scammers—you couldn’t create a better one,” says David Holtzman, chief strategy officer at Naoris Protocol, a cybersecurity and blockchain company. “This is soccer. It feels fun and harmless, which lowers people’s defenses.”
For more than a decade, phishing has emerged as the most prevalent type of online scam. Spear phishing, a more targeted form where attackers use information gathered from search engines and social media to create convincing messages, presents a bigger threat this year.
The scale of the operation is enormous. Research led by Group-IB identified more than 4,300 fraudulent domains impersonating FIFA’s official web presence. This included six parallel fraud schemes and four independent threat actors operating ahead of the tournament.
Common scams include fake ticket sales, fraudulent immigration or visa-related services and misleading accommodation offers. Fans are also warned to look out for counterfeit merchandise and websites impersonating official tournament branding.
“When we supported the Qatar Supreme Committee for Delivery & Legacy (SCDL2022) at the 2022 FIFA World Cup, the threats we helped identify were serious but still relatively recognizable—fake ticketing pages, survey scams offering free mobile data, and a malicious Android app promising live broadcasts, among others,” says Jammoul.
The scams themselves have not changed dramatically. The difference is the technology behind them.
“At Qatar 2022, we saw fake streaming domains, data-bait survey scams, and crypto schemes using footballers’ likenesses. Those same categories are staging again now, only larger and more AI-polished,” Jammoul says.
The Scammers Are Using AI Too
“There’s been an astronomical increase in scams over the past two years, and AI is a big reason why,” says Holtzman, of Naoris Protocol. Experts say AI is not inventing entirely new attack methods. It is making attackers far more efficient than they were before.
By generating highly personalised, professional-looking emails at massive scale and helping attackers create convincing fake websites, AI is dramatically expanding the threat landscape.
At the same time, AI is becoming one of the cybersecurity industry’s most powerful defensive tools. By analysing vast amounts of data and detecting unusual patterns, it can help identify suspicious domains and anticipate emerging threats. But technology alone may not be enough.
Companies are increasingly relying on collaboration between platforms, cybersecurity firms and law enforcement to track potential threats. Meta says it has worked through initiatives such as the Global Signal Exchange (GSE) and Fraud Intelligence Reciprocal Exchange (FIRE) to identify and disrupt coordinated scams targeting users.
“Through collaboration with Visa via the GSE, we helped identify and take action against a network on Facebook that was using spoofed branding and promoting fake offers designed to mislead people into sharing personal or financial information,” says Basma Ammari, director of public policy MENA at Meta.
“We can predict what future attacks may look like by using the same technology attackers are using—but for defense,” says Kristopher Russo, a principal threat researcher at Palo Alto Networks’ cybersecurity wing, Unit 42.
But even as AI becomes a powerful tool for cybersecurity companies, it may not be enough to eliminate the threat.
“What consumers need to understand is that many of the old ways of identifying scams simply aren’t as reliable any more,” Russo says. He adds that fans should beware of newer tactics, such as QR code scams, where attackers place malicious codes over legitimate ones in bars, restaurants and other public venues.
This story originally appeared in WIRED Middle East.
