Cyber Threat Landscape During FIFA 2026
As the FIFA World Cup 2026 commenced on June 11, a significant cyber threat landscape had already been established. According to findings by Check Point Research, cybercriminals had meticulously planned their activities months in advance, targeting multiple sectors in various languages. This premeditated strategy was highlighted in the FIFA World Cup 2026 Cyber Threat Report, which outlined vulnerabilities in financial services, transportation, hospitality, and gambling sectors.
Email Impersonation Risks Among FIFA Partners
Research conducted prior to the tournament by Proofpoint revealed alarming figures about email security among FIFA partners. Over one-third of these partners lack proper DMARC enforcement, making them susceptible to domain spoofing. This vulnerability allows cybercriminals to send emails appearing to be from trusted sources without any technical barriers. The extensive supply chain involved—ranging from airlines and hotels to broadcasters and catering services—further complicates email security due to high transaction volumes and stringent deadlines.
Check Point’s capabilities in attack surface management and digital brand protection play a crucial role here. Their continuous monitoring helps identify authentication gaps and impersonation infrastructure, providing a proactive defense against potential attacks.
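To make "proper DMARC enforcement" concrete, the following added example (not from the report or from Check Point) classifies a domain from the TXT records published at its `_dmarc` name. The domain names and records are constructed samples, the category labels are this example's own, and DNS lookup and organizational-domain fallback are left out.

```python
# Added example: classify DMARC enforcement from already-fetched TXT records.
# All domains and records below are constructed samples, not data from the report.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = []
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags.append((key.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1, otherwise the record is ignored.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def enforcement(txt_records):
    """Return 'missing', 'invalid', 'monitor-only', 'partial' or 'enforced'."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        # No record means no policy; several records stop policy discovery.
        return "missing" if not records else "invalid"
    policy = records[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports only, spoofed mail is still delivered
    pct = records[0].get("pct", "100")
    # A malformed pct falls back to the default of 100.
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    return "enforced" if pct == 100 else "partial"

def unenforced_share(domains):
    """Fraction of domains whose policy is anything short of full enforcement."""
    weak = [d for d, recs in domains.items() if enforcement(recs) != "enforced"]
    return len(weak) / len(domains)

SAMPLE = {  # constructed partner domains and TXT answers
    "airline.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@airline.example"],
    "hotel.example": ["v=DMARC1; p=none; rua=mailto:dmarc@hotel.example"],
    "caterer.example": ["v=spf1 include:_spf.example -all"],  # SPF only
    "broadcaster.example": ["v=DMARC1; p=quarantine; pct=25"],
}

if __name__ == "__main__":
    for domain, recs in SAMPLE.items():
        print(f"{domain:22} {enforcement(recs)}")
    print("share without full enforcement:", unenforced_share(SAMPLE))
```

A domain that reports `monitor-only` or `missing` gives receivers no instruction to reject or quarantine mail that spoofs it, which is the gap the Proofpoint figure describes.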
Spike in Fake Sportsbook Applications
A comparative analysis of eight major sportsbook brands revealed a dramatic increase in fake applications prior to the tournament. A controlled study showed a 60-fold increase in such apps on Google Play during the pre-tournament period of 2026 compared to the same time in 2025. This surge was primarily observed in April and May 2026, indicating a coordinated effort by cybercriminals.
Beyond app stores, Check Point identified Russian-language Telegram channels operating as fake tipster services. These channels used referral links to earn affiliate commissions from fraudulent deposits. Check Point’s dark web monitoring capabilities offer crucial insights into such operations, allowing for timely interventions before these threats fully materialize.
Creation of Fraudulent Hotel and Travel Websites
Check Point’s analysis also uncovered a significant rise in the registration of fraudulent domains mimicking FIFA-related travel and hospitality services. In April 2026, these domains accounted for 21.9% of registrations over a 12-month period. The domains are strategically designed to capture unsuspecting fans during purchase moments, exploiting the urgency and relaxed verification practices of users.
Notably, a small group of registrars, including GoDaddy and Hostinger, host the majority of these malicious domains. A significant portion use the .top TLD, which is known for its affordability and low abuse-response thresholds and is favored by cybercriminals for its persistence in phishing schemes. Check Point’s monitoring and brand protection efforts have achieved a 99% success rate in taking down these domains swiftly.
Implications and Future Outlook
Organizations in the financial, travel, hospitality, and gambling sectors must remain vigilant during this period. The threat actors were strategically positioned before the tournament began, so the current threat level is heightened. It is crucial to prioritize detection and remediation speed to counter these threats effectively. For more detailed insights, reading the full FIFA World Cup 2026 Cyber Threat Report is recommended.
