Fake apps, lookalike hotel sites, and email spoofing were targeting the World Cup before it even kicked off

Check Point's new FIFA World Cup 2026 Cyber Threat Report shows scammers had their infrastructure built and staged months before the tournament opened on June 11. More than a third of official FIFA partners lack the email authentication needed to stop attackers from spoofing their domains, leaving the tournament's sprawling supply chain of airlines, hotels, and vendors wide open to convincing impersonation emails.

Fake sportsbook apps spiked roughly 60 times above normal levels in April and May, mostly on Google Play, with several developer accounts pushing lookalikes of multiple betting brands within days of each other. Researchers also found Russian-language Telegram channels posing as betting "tipsters," splitting predictions across followers so enough of them appear to win and keep depositing — funneling affiliate commissions back to the scammers.

Fake hotel and travel booking sites followed the same pattern: nearly a third of all FIFA-themed lookalike domains tracked over a 12-month span were registered in March and April alone, timed to catch fans booking trips when urgency was highest. Most were built on cheap, abuse-tolerant registrars and a phishing-favored domain extension, with some even set up to intercept password resets.