Security agencies say fans are at heightened risk of cyber fraud, data theft and disinformation campaigns designed to manipulate public sentiment.
This year's tournament features 48 teams and 104 matches. For the first time, the event is being jointly hosted by the United States, Canada and Mexico, with more than 6 million spectators expected across 16 cities.
“For many fans, the most dangerous rivals won’t be on the pitch but online,” said Leandro Cuzzo, a security analyst at IT firm Kaspersky, in an interview with the Mexico Business News outlet.
“Cybercriminals know millions will search for last‑minute streams and will exploit that behavior by creating fake websites that mimic legitimate broadcasts,” he added.
FIFA projects more than 6 billion interactions across television, streaming and digital platforms during the tournament, which runs through July 19.
Thursday’s opening match between Mexico and South Africa was expected to draw more than 1 billion viewers across TV, computers and mobile devices.
In a report released in early May, US cybersecurity firm Intel 471 described the World Cup as “the largest and most complex cyberattack space in the history of sports.”
Analysts said more than 19,000 fake FIFA‑related domains have been created since January, enabling criminals to steal money and personal data through phishing schemes that imitate trusted ticketing, airline and hotel services.
Singapore‑based cybersecurity company Group‑IB analyzed more than 4,300 fake domains registered since August 2025.
Among them, researchers identified an organized Chinese‑speaking group known as Ghost Stadium, which operates more than 300 websites using a single phishing tool.
According to analysts, the group created near‑perfect replicas of official FIFA pages, including imitations of the organization’s single‑sign‑on system.
Group‑IB also uncovered online stores selling counterfeit World Cup merchandise, fake streaming platforms that charge subscription fees while installing malware, and fraudulent betting sites that collect passport scans and selfies for identity theft.
A June 4 report from American cybersecurity company Recorded Future warned of activity by Russian, Chinese and Iranian groups backed by their respective governments.
Analysts say these actors are likely to use the tournament to gather intelligence and spread disinformation.
Iranian hacktivist networks have already been observed pushing propaganda narratives, including messages criticizing the United States as a co‑host, Polish state news agency PAP reported.
The FBI has issued an alert detailing a blacklist of spoofed websites used in recent attacks. The agency highlighted a spike in domains that deliberately misspell popular, legitimate sites to deceive users.
Canada’s Centre for Cybersecurity (CCCS) has warned fans about criminals deploying SMS Blasters—small devices that can be hidden in backpacks or car trunks—capable of disconnecting phones from mobile networks and sending fake messages to steal ticket or payment information.
Officials say the devices can also block calls to emergency services.
During the previous World Cup in Qatar, Group‑IB identified more than 16,000 fake domains and detected over 90 apps impersonating official fan cards, enabling criminals to steal banking logins and passwords.
US tech giant Microsoft reported that its security systems blocked more than 634 million unauthorized login attempts targeting fan accounts, stadium staff and ticketing platforms.
(pu/gs)
Source: PAP