Cybercriminal activity has surged alongside World Cup 2026, with Kaspersky warning of a sharp rise in fake websites, phishing campaigns and scam platforms targeting football fans as global viewership peaks.
Since the tournament began on June 11, Kaspersky has identified at least 336 unique domains impersonating official World Cup resources, reflecting a coordinated effort by scammers to exploit fan engagement around live matches, betting activity and online streaming.
One of the most prevalent threats involves fraudulent streaming sites offering free access to matches. Users are typically redirected to registration pages and later prompted to pay cryptocurrency fees for “lifetime access” to tournament broadcasts. Kaspersky warns that these schemes are designed to steal both personal credentials and digital assets.
Fraudulent betting and prediction platforms are also spreading across multiple languages. These sites often request personal data such as names, emails and phone numbers during sign-up, increasing the risk of credential theft and account misuse, particularly where passwords are reused across services.
Kaspersky notes that scammers are tailoring tactics to online fan behaviour, with attacks increasingly built around how users consume live sports content.
“Since the start of the tournament, scammers have increasingly focused on the ways fans engage with the event online,” said Olga Altukhova, Senior Web Content Analyst at Kaspersky, adding that fake streaming and betting services are being deployed across multiple languages.
Email-based phishing schemes have also emerged, with attackers sending messages promoting football analytics and match prediction services. These emails often use urgency-driven language to push recipients into paying fees, reportedly up to A$200, for access to supposed insider insights.
To reduce risk, Kaspersky advises users to verify website authenticity before entering any personal data, rely only on official streaming platforms and avoid clicking suspicious links. The company also recommends enabling multi-factor authentication and monitoring financial accounts for unauthorised activity.
Kaspersky further highlights the importance of using security solutions with artificial intelligence-powered anti-phishing capabilities, noting that scam tactics are becoming more sophisticated during major global sporting events.
