Football 

Fake World Cup accounts appear on numerous social media platforms. — Photo courtesy of FortiGuard Labs

HÀ NỘI — The FIFA World Cup 2026 will bring together fans, teams, sponsors, broadcasters, hospitality providers and businesses at one of the world's largest sporting events. However, it will also present significant opportunities for cybercriminals seeking to exploit the tournament's global reach and heightened online activity.

Major international sporting events create great anticipation, attract high search volume, evoke strong emotions and drive large volumes of digital transactions.

Fans are searching for tickets, travel offers, merchandise, livestreams, betting sites, job openings and event updates. Meanwhile, organisations are busy with logistics, staffing, travel arrangements, customer service, media tasks and coordinating with third parties.

Threat actors have anticipated these scenarios and have already started exploiting them.

A new study from FortiGuard Labs, which has an office in Việt Nam, reveals that cybercriminal infrastructure linked to the World Cup is already operational.

From January to May, more than 13,000 World Cup-themed domains were registered, with about 8.8 per cent flagged as malicious or suspicious.

Registrations surged between March and May, with many domains abusing FIFA branding and targeting tickets, streaming, betting and hospitality services.

The report identifies several major categories of FIFA-themed threats: phishing and fake ticketing websites, resale ticket scams promoted through Telegram and other channels, fake merchandise storefronts and malicious betting and streaming applications.

Ticketing scams are among the most visible threats because they exploit scarcity. Fans unable to secure tickets through official channels often turn to resale websites, social media groups, Telegram channels, search ads or peer-to-peer marketplaces.

FortiGuard Labs identified numerous counterfeit ticketing sites mimicking official FIFA pages that gather personal info, login details, billing and payment data. 

It also found more than 1,700 suspected FIFA-related impersonation accounts and channels across social media and messaging platforms. 

Social media scams are particularly convincing because they often appear within legitimate conversations.

Installing apps from unofficial sources can expose devices to spyware, credential theft, remote access tools or other malware. This risk increases when users ignore security warnings to access streams, promotions or betting platforms.

The World Cup also generates demand for temporary workers, contractors, hospitality staff, logistics personnel, media support and event-specific roles. This demand provides attackers with another attractive target.

Additionally, FortiGuard Labs found over 1,500 records of FIFA-related employee and organisational accounts in past breach datasets.

FortiGuard Labs suggested all organisations should start their defensive preparations early. Security teams should monitor lookalike domains, brand impersonation, malicious ads, fake social media accounts and credential leaks involving employees, partners and customers. 

Meanwhile, fans and employees should be reminded to use official ticketing channels. — VNS