With the 2026 World Cup approaching, the enthusiasm of fans is fueling the ambitions of cybercriminals. Cybersecurity firm Kaspersky has issued a red alert in response to the proliferation of phishing campaigns and fake websites designed to scam football fans.

1. Trap #1: The clandestine ticket sales

Fraudulent platforms are perfectly mimicking FIFA's visual identity to offer match tickets.

1. The modus operandi: These sites accept all currencies and display contact forms (sometimes linked to instant messaging) to reassure buyers.
2. The risk: By paying, victims lose their money and hand over their bank details and personal data to criminal networks.

2. Trap #2: Fake derivative products

Other sites create fake online stores offering t-shirts or plush toys of the official mascot.

1. The strategy: To lure customers, scammers display aggressive discounts and add fake security labels such as a "Trusted Shop" badge.

3. Trap #3: Emails promising "fake winnings" and fake notifications

Fraudulent email campaigns are becoming increasingly ingenious, with highly elaborate scenarios:

1. The fake lottery: Messages inform victims that they have won a $500,000 donation to fund their trip, accommodation, and tickets.
2. The false legal emergency: Some supporters receive emails mimicking official bodies (such as a supposed "dispute resolution chamber") containing malicious links.
3. Mass spam: Kaspersky also notes a resurgence of unwanted advertisements for tournament souvenirs, often hiding scam attempts.

💡 Kaspersky's tips for avoiding a tackle

To experience the competition safely, experts recommend following these golden rules:

1. Official exclusive: Buy your tickets and merchandise only on official FIFA platforms.
2. Technical vigilance: Carefully inspect website URLs before entering any information.
3. The reflex of distrust: Never click on links and do not download attachments from unsolicited emails.
4. Enhanced security: Always enable two-factor authentication (2FA) on your sensitive accounts.