The 2026 Fifa World Cup is fast approaching, and while fans across South Africa and the globe are dusting off their supporters’ jerseys and planning their viewing schedules, a team not playing by the rules is already on the field.
Cybercriminals are capitalising on the massive global hype around the Fifa World Cup to launch a sophisticated wave of digital attacks designed to intercept your hard-earned money before the first ball is even kicked in North America.
According to the latest intelligence from Check Point Research, the sheer scale of this threat is unprecedented, fuelled by a dangerous combination of high fan anticipation and the rapid evolution of artificial intelligence (AI). The numbers emerging from the build-up to this tournament are staggering.
In April alone, researchers identified 9 741 new domain registrations containing the keywords “Fifa” or “World Cup”. This represents a volume more than five times the peak seen during the Qatar 2022 World Cup.
Since February, these registration volumes have quadrupled in just two months. This isn’t just a coincidence; it is a calculated, AI-assisted preparation phase by threat actors. We are seeing a level of industrial-scale preparation that we haven’t encountered in previous sporting cycles.
Cybercriminals are using AI tools and automation to spin up scam infrastructure at a speed that was impossible four years ago. For every legitimate site you visit, there are dozens of malicious mirrors waiting to trap the unprepared.
While the threat is global, the three host nations, the United States, Canada and Mexico, are in the crosshairs. All three countries recorded a spike in weekly cyberattacks per organisation in April 2026 compared to both the previous month and the previous year.
- Mexico: recorded the highest volume with a weekly average of 3 548 attacks per organisation, a 5% increase month-over-month;
- Canada: saw a weekly average of 1 649 attacks, marking a significant 18% increase year-over-year; and
- United States: organisations faced 1 497 attacks weekly, reflecting an 8% rise from March.
Perhaps more concerning for South Africans planning to travel to the games is the targeting of specific industries.
Sectors most exposed to World Cup traffic, such as media, hospitality, travel and transport, have seen attack surges ranging from 30% to 48% year-on-year across the host countries. The primary goal of these attackers is simple. They want to steal your money and your identity.
Check Point has identified several live examples of how these scams are being deployed.
1. The fake merchandise trap
Criminals have created highly professional sites to impersonate legitimate Fifa outlets. These sites use official branding and offer “too good to be true” deals, such as 80% off jerseys and souvenirs. These sites aren’t just selling fake kits, they are harvesting credit card details and home addresses.
Once they have your payment info, the ‘discount’ you thought you got becomes a very expensive lesson in identity theft.
2. The vote to earn gamble
Another sophisticated lure involves gamified platforms. One example, branded as a “World Cup Forum,” promises users guaranteed daily profits (e.g., $3 profit on a $10 deposit) just for “voting” for teams like Mexico or the US. It mimics the look of a legitimate rewards app with “deposit” and “withdraw” buttons to build a false sense of security.
3. Global betting scams
The threat isn’t limited to North America. A cluster of fraudulent betting platforms, many hosted in Chinese, targets fans worldwide with promises of high bonuses and lottery-style games. Whether you are in Johannesburg or Mexico City, you are a potential target.
By early May, Check Point found that one in every 41 newly registered World Cup domains was already confirmed as suspicious or malicious.
To stay safe, look for these specific red flags:
- Suspect URLs: legitimate Fifa platforms use fifa.com. Be extremely wary of domains that add extra words or use unusual extensions like .shop or .cn;
- Impossible discounts: if a site offers the latest 2026 jersey for 80% off, it is likely a scam. Official merchandise rarely sees such deep discounts before the tournament even starts;
- Guaranteed returns: no legitimate platform will promise you a “daily profit” for voting on matches. These are classic Ponzi-style lures;
- Aggressive calls to action: be sceptical of sites that immediately push you to “Download now” or “Register free” to access content. These are often used to install malware or steal login credentials.
As people count down the weeks to the opening ceremony, the digital landscape will become more treacherous. Cybercriminals are betting on people’s excitement to cloud their judgment. The World Cup is a time of excitement, but in the digital world, it’s a high-stakes match where you are the target.
Our advice to fans in South Africa and abroad is simple: stay on the official channels. If a deal looks too good to be true, it probably is. Double-check every link, use multifactor authentication on your accounts and never download apps from unverified websites. Let’s keep the excitement on the pitch and the criminals out of our bank accounts.
By staying vigilant and recognising these common tactics, fans can ensure that the only thing stolen during the 2026 World Cup is a last-minute victory on the field and not their personal data.
–De Bruin is head of security consulting – Africa at Check Point Software.
