Cybersecurity specialist Kaspersky has warned that scammers are exploiting travellers to World Cup 2026 and has exposed some of the online offers fans should avoid.
Thousands of fans are expected to attend the World Cup 2026, and many are already handling their travel logistics, purchasing their flights and other transport tickets, booking accommodation, and arranging everything they need to reach the host cities. As interest grows, so does the number of fraudulent schemes that exploit the fact that fans are actively preparing for their upcoming journey.
Phantom prize
In late April 2026, Kaspersky experts detected a campaign exploiting the branding of a well-known transport app, targeting users in Mexico. The interface of a fake Spanish-language website, impersonating one of the services, prompts users to enter their phone number and password in order to “claim prizes”. In reality, the attackers are mimicking a trusted brand and attempting to steal users’ credentials from those lured by the promise of a reward.
Ticket to nowhere
Some cybercriminals go “a level lower” and post their offers on the dark web. Kaspersky Digital Footprint Intelligence experts discovered a thread advertising such services, published on a shadow forum in March 2026. The listings included offers for discounted airline tickets, hotel bookings, and match tickets, allegedly at 20% off the original price. These offers are designed to lure users and can be highly dangerous, ultimately resulting in victims losing both their money and any services they expected to receive.
Entrepreneurs and property owners also in the crosshairs
Cybercriminals are also targeting businesses and entrepreneurs at the intersection of the travel industry, which is also involved in the event. Given the high demand for short-term rentals during the tournament, property owners have become an attractive target for scams. For example, a fake website was discovered requesting account credentials for a well-known platform. In this way, scammers attempt to gain access to property owner accounts, potentially resulting in unauthorised withdrawals and financial losses.
Another common scheme involves fraudsters attempting to extract money from organisations by posing as representatives of well-known airlines and offering fictitious business partnerships. In these emails, they claim to be launching new projects or business expansion initiatives and state that they are actively seeking suppliers or contractors. If a company representative responds to such an offer, the scammers typically escalate the deception in a subsequent stage. To enhance credibility, they send forged documents for completion and signature, including supplier registration forms and non-disclosure agreements.
The ultimate objective of the fraudsters in this scheme is to induce the organisation to pay a so-called “deposit”, ostensibly required to secure a priority position in a partner selection list. According to the claims made in the fraudulent communications, this payment would later be fully refunded once the partnership is formally established. In reality, this promise is entirely deceptive. The perpetrators simply appropriate the funds, and no reimbursement is ever made to the victim organisation.
“The travel sector, particularly when it intersects with major events, is a persistent target for a wide range of scams and fraudulent schemes,” says Anna Lazaricheva, senior spam analyst at Kaspersky. “For end users, it is often difficult to distinguish at first sight between a legitimate website and a spoofed one, or between genuine marketing communications from a reputable service and scam emails. We therefore advise treating overly attractive offers with a high degree of caution in order to protect your personal data and financial resources.”