One in 41 new domains was already flagged as malicious
9,741 World Cup-related domains registered in April 2026, with 1 in 41 classified as malicious—a five-fold increase from 2022 tournament peaks. Cybercriminals operating fake FIFA stores, gambling platforms, and phishing schemes targeting personal data, credentials, and banking information across multiple languages.
- 9,741 World Cup-related domains registered in April 2026
- Five times higher than peak registrations during 2022 World Cup
- 1 in 41 new domains classified as suspicious or malicious by May
- 30-48% annual increase in cyberattacks across host nations' key sectors
Check Point Research warns of unprecedented cyber threats ahead of 2026 World Cup, identifying nearly 10,000 malicious domains in April alone—5x higher than 2022 levels—including fake merchandise stores, fraudulent betting platforms, and phishing sites.
The 2026 World Cup hasn't kicked off yet, but cybercriminals are already positioning themselves to exploit the global attention and spending that surrounds the tournament. Security researchers at Check Point have documented a wave of digital threats tied to the event—counterfeit merchandise stores, rigged betting platforms, and phishing sites designed to harvest personal information, login credentials, and banking details from fans and businesses alike.
The scale is staggering. In April alone, 9,741 new domains incorporating keywords like "FIFA" or "World Cup" were registered. That's more than five times the peak volume observed during the 2022 World Cup in Qatar. The acceleration has been relentless: since February, the rate of such registrations has climbed more than fourfold. By early May, the threat had become so pervasive that one out of every 41 newly registered World Cup-related domain was already flagged as suspicious or malicious.
Check Point's researchers have catalogued specific examples of the fraud infrastructure now operating. One site, fifaofficialstore.shop, mimics FIFA's official merchandise store, dangling discounts up to 80 percent on jerseys, plush toys, and souvenirs. Another, fifa2026guess.com, presents itself as a gamified platform where users can earn daily rewards by "voting" on national teams—a thin disguise for a betting scheme. A third, fortune-worldcup2026.com.cn, operates as a fraudulent sportsbook in Chinese, falsely claiming official World Cup status.
The threat extends beyond individual fans to entire economic sectors in the host nations. Canada, the United States, and Mexico are all experiencing sharp increases in cyberattacks targeting industries most exposed to World Cup activity. Media companies, hotels, tourism operators, transport providers, and logistics firms have seen attack volumes rise between 30 and 48 percent year-over-year across the three countries. These aren't isolated incidents—they represent a coordinated shift in criminal attention toward the tournament and the infrastructure supporting it.
What makes this moment particularly vulnerable is the convergence of factors that cybercriminals exploit during major sporting events. Millions of fans will be traveling, booking accommodations, purchasing merchandise, and placing bets. Businesses will be managing surges in transactions and customer data. The excitement and time pressure that surrounds a World Cup creates cognitive conditions where people are more likely to click on a suspicious link or enter credentials into a fake site. Criminals know this. They're betting—quite literally—that the noise and chaos of the tournament will provide cover for their operations.
Citas Notables
Check Point Research identified fake FIFA merchandise stores offering discounts up to 80%, gamified betting platforms, and fraudulent sportsbooks operating across multiple languages— Check Point Research findings
La Conversación del Hearth Otra perspectiva de la historia
Why is the World Cup specifically such a target? Couldn't criminals just run these schemes anytime?
They could, but the World Cup is a force multiplier. You have billions of people globally paying attention to the same thing at the same time. Travel, spending, transactions—all concentrated. The emotional investment makes people less careful.
So these aren't sophisticated attacks? They're just... obvious fake stores?
Some are obvious if you look closely. But most people aren't looking closely. They're excited, they're in a hurry, they trust the brand name. A fake FIFA store with an official-sounding domain can move merchandise before anyone notices.
The numbers jumped five times from 2022. What changed?
The tools got easier to use. Domain registration is cheap and fast. Hosting is distributed globally. And the criminals learned from 2022 what works. They're not experimenting anymore—they're scaling.
What about the betting platforms? Those seem more dangerous than fake jerseys.
They are. A fake betting site doesn't just take your money—it takes your banking credentials, your identity documents. That's worth far more on the dark web than a single transaction. And in countries where gambling is regulated, these sites operate in legal gray zones.
Are the host countries doing anything about it?
Check Point is raising the alarm, which is the first step. But by the time a domain is identified and taken down, the criminals have already moved to the next one. It's a game of whack-a-mole played at scale.