The soccer World Cup 2026 kicked off on June 11 and alongside it the number of scammers attempting to exploit fan excitement has also increased, says Kaspersky, noting that at least 336 unique domains mimicking official World Cup resources have been detected.
In addition, cybercriminals are actively exploiting growing interest in match streaming and sports betting.
Fake broadcasting schemes
Since the start of the tournament, millions of viewers worldwide have been tuning in across TVs and other devices to watch matches live. At the same time, fraudsters have been creating websites offering “online streaming” of the championship.
The scam works as follows: attackers set up fake websites that claim to provide free access to World Cup broadcasts. After clicking “Watch now,” users are prompted to register to gain access. They are then asked to pay a cryptocurrency fee for “lifetime tournament access”. The danger of this scheme lies in the potential loss of both registration data and cryptocurrency funds.
Betting traps: When the wager is already lost
Another trap targeting football fans involves fraudulent betting and match prediction platforms. For instance, a Spanish-language website was found requesting extensive personal information – including first and last name, email address, phone number and more – under the guise of account creation. Such schemes expose users to credential theft and financial loss, particularly if they reuse the same password across multiple services.
“Since the start of the tournament, scammers have increasingly focused on the ways fans engage with the event online as watching matches today requires only an Internet connection and a device,” says Olga Altukhova, senior Web content qnalyst at Kaspersky. “As a result, criminal activity continues to grow – as reflected in the fraudulent websites we observe offering streaming and betting services in multiple languages.
“We recommend that users stick to official broadcasts to help protect their data and finances,” she says.
You’ve got mail: (Un)real predictions
Another attack scenario involves emails in which attackers attempt to trick users into sending money or clicking phishing links. To increase engagement, these messages often use compelling subject lines and persuasive wording. In one observed case, fans received emails advertising football analytics services and match winner predictions.
A notable feature is the sense of urgency – asking recipients to act quickly – which is one of the common indicators of a possible scam email. In this case, users are asked to pay a $200 fee to access football analytics. While the offer targets fans interested in betting, paying for such “services” can potentially result in irreversible financial loss.
| Virus-free.www.avast.com |