As the FIFA World Cup 2026 approaches, cybercriminal activity is rising. A new report from Check Point Software shows that cyberattacks, fraud, ransomware and organized crime are already targeting everyone from travelers and betting companies to airports and hotels ahead of the world’s biggest football tournament.
The 2026 World Cup is expected to draw millions of visitors and billions of TV viewers worldwide. That environment—marked by large payment flows, high activity and tight timelines—creates new opportunities for cybercriminals. Check Point’s report notes a sharp increase in fake FIFA- and World Cup–related websites and fraud campaigns throughout spring 2026.
Financial services, travel and hospitality, and the gaming and betting sectors are particularly exposed. Within travel and hospitality, 56 percent of identified malicious domains target accommodation and travel services, where fans are spending heavily in preparation for the tournament. The report also finds that fraudsters increasingly use fake ticket sales and booking sites to steal payment details and personal data.
Companies involved with the tournament face elevated risk as well. More than a third of official partner organizations lack adequate protection against email spoofing, increasing the likelihood of CEO fraud and falsified payment instructions. Meanwhile, ransomware and cyberattacks against airlines, airports and hotels are already a growing global problem. Even short service disruptions on match days can have major consequences for travelers and critical public services.
Beyond conventional cybercrime, the report warns that increased tourist flows and international payments can be abused for money laundering and human trafficking. It also anticipates that state-backed actors may use denial-of-service attacks and AI-generated disinformation to cause disruption and influence global attention around the tournament.
“What is clear is that the threat landscape around the FIFA World Cup 2026 is already active and well organized,” says Oskar Rödin, security expert at Check Point Software. Attackers are not waiting for the tournament to begin. They have already built the infrastructure needed to launch cyberattacks, fraud and ransomware campaigns at a moment when trust is high, time pressure is greatest and the world is watching the event.
Organizations should strengthen protections around identities, payment flows and critical systems now. Fans should use verified services, avoid dubious offers involving cryptocurrencies and betting, and be cautious of deals that seem too good to be true.
To read the full report, click here.