Fans warned over World Cup cyber scams & fake tickets

Acronis has warned that football fans face a rise in cyber scams linked to the FIFA World Cup, with fraudsters targeting ticket sales, travel bookings and streaming activity around the tournament.

The cyber security company said advances in generative AI are making phishing pages and fake websites more convincing, increasing the risk that supporters will hand over payment details, login credentials and other personal information.

The warning covers fans travelling to matches in North America and people watching online. Researchers said large sporting events drive demand for tickets, accommodation, transport and live coverage, giving criminals more chances to exploit hurried purchases and unfamiliar digital services.

The main risks identified include fake ticketing sites, QR-code scams, rogue public Wi-Fi networks, bogus streaming services and malicious mobile apps. Acronis also highlighted account takeover attempts targeting streaming platforms, where attackers use previously stolen usernames and passwords to gain access.

In-person spectators face particular risks in airports, hotels, stadiums and fan zones, where open wireless networks can be used to intercept credentials or redirect users to malicious sites. Fraudulent QR codes can also send users to pages offering tickets or giveaways in exchange for payment or personal data.

Online viewers face a different set of traps. Fake streaming websites may promise free or discounted access to matches, while deceptive adverts and pop-ups on unofficial services can lead to phishing pages or malware downloads.

Unofficial apps pose another risk because they can appear to offer match coverage while installing spyware or other malicious software on a user's device. Scam promotions and subscription offers tied to the tournament may also be used to collect personal and financial information.

Organisations involved in supporting major events also face heightened cyber risks, including distributed denial-of-service attacks, brand impersonation and credential theft campaigns. Those threats can have knock-on effects for consumers if attackers use trusted names to lend credibility to bogus offers.

Fan targets

Acronis said the threat reflects a broader pattern in which major global events attract opportunistic cybercrime by combining urgency, high spending and heavy digital traffic. The World Cup is especially attractive because millions of fans are likely to make rapid decisions on tickets, transport and viewing access.

"Large global sporting events like the Olympics and this week's World Cup kickoff are the perfect breeding grounds for cybercriminals to target unsuspecting fans. As millions make plans for travel, accommodations, and tickets surrounding the 2026 FIFA World Cup events taking place across North America, threat actors use this uptick in activity to their advantage. Events that bring in millions of spectators are the perfect recipe for cybercriminals. More fans mean more opportunities for people to unexpectedly give away personal data or sensitive information, whether that's through purchasing tickets on fake phishing sites or connecting to public Wi-Fi to simply share event photos on social media. And with the rise of AI, hackers can make websites look even more legitimate, convincing fans to enter personal information and credit card details for expensive ticket purchases, only to receive a fake QR-code ticket that won't work at stadium gates," the Acronis Threat Research Unit said.

Safety steps

Acronis urged fans to rely on official platforms when buying tickets or accessing streams. It also advised users to check website addresses carefully before entering credentials or payment information, and to be wary of unsolicited messages related to tickets, travel, streaming access or account problems.

Avoiding public Wi‑Fi for sensitive transactions can reduce the risk of credential theft, while multi-factor authentication makes it harder for attackers to take over accounts using stolen passwords, the company said.

Generative AI has added a new layer to online fraud by lowering the effort needed to produce persuasive copy, cloned branding and realistic-looking interfaces. That has become a growing concern for consumer-facing scams because it reduces the obvious errors that once made many phishing attempts easier to spot.

The warning comes as cyber security groups and consumer protection bodies continue to track event-led scams tied to major sporting tournaments, concerts and international gatherings. In such campaigns, criminals often exploit the excitement and urgency surrounding a high-profile event, betting that fans will act quickly before tickets or access appear to sell out.

Acronis said digital safety awareness remains the most effective protection for fans navigating ticket purchases, travel arrangements and online viewing options during the World Cup period.

"The best defense is digital safety awareness and good cyber hygiene. We advise sportsgoers to use official platforms, verify URLs before entering credentials or payment information, and avoid public Wi-Fi, especially when conducting sensitive transactions. Enabling security measures like multi-factor authentication and treating unsolicited messages related to tickets, travel, streaming access, or account issues with caution can go a long way in helping protect your personal information. As North America prepares to host millions of international visitors, these events are a stark reminder that while sports bring people together, they can also create opportunities for cybercriminals to exploit confusion through phishing, impersonation, and fraud campaigns targeting fans, travelers, and online viewers," the unit said.