23 hours ago

Fraudulent websites, emails target football fans as soccer fever grips the world

With the football frenzy reaching its zenith after the World Cup kicked off on Thursday, cybercriminals are seizing the moment to exploit the heightened interest by deploying a wave of sophisticated scams.

These range from fraudulent ticket portals and fake merchandise stores to deceptive email campaigns promising $500,000 grants, all aimed at compromising fans’ personal data and financial assets, according to a report by Kaspersky.

“Unfortunately, major sporting events that attract large audiences are never overlooked by scammers. Seemingly harmless or even appealing emails can often conceal not only dangerous links and malicious attachments. In some cases, careless interaction with such messages can lead to serious device infections. We recommend that users ignore any suspicious emails and websites to protect their financial assets and keep their devices and personal data secure,” says Anna Lazaricheva, senior spam analyst at Kaspersky.

On one of the fraudulent websites discovered, users are offered the option to buy tickets for matches, with payments accepted in almost any currency. However, after completing the fake registration and payment steps, users risk not only losing money from their bank cards but also exposing sensitive personal data to attackers.

The site uses the official colour scheme of the 2026 tournament to mislead users. In addition, the scammers offer ways to contact them, either directly on the site or via messaging apps.

Another website offers users the chance to purchase official merchandise for the 2026 tournament, featuring images of mascot plush toys and T-shirts, with a wide selection available for purchase. To make the offer more enticing, the site highlights steep discounts.

Additionally, to appear more credible, the scammers have added a trusted store badge at the bottom of the page, along with a registration form that requests personal and banking details.

Fraudulent email campaigns

Another attack scenario involves fraudulent email campaigns, in which attackers attempt to trick users into sending money or click a phishing link. To increase the chances of engagement, the emails feature compelling subject lines and persuasive messaging.

In one of the examples identified, fans received emails allegedly sent by official representatives of the event regarding a fake decision from a dispute resolution chamber. The link provided in the email leads to a phishing page.

In some cases, users are targeted with scam emails claiming they have won a $500,000-grant to cover tickets, flights, and accommodation, followed by instructions to contact the sender to claim the prize funds.

The firm also reports email spam and unsolicited ads related to the sale of competition-themed merchandise and souvenirs, some of them might turn out to be a scam.

To avoid falling victim to scam or phishing, users are advised to check the authenticity of websites before entering personal data and only use official webpages to watch or download movies. Users should double-check Uniform Resource Locator (URL) formats and organisations name spellings.

Official and reputable streaming platforms should always be chosen to protect personal data from theft and misuse.

Users should also enable multi-factor authentication and monitor accounts, activate two-factor authentication (2FA) on identifications (IDs) and financial apps, and regularly review statements for unauthorised activity.

Do not trust any links or attachments received by mail; double-check the sender before opening anything. Double-check e-shop websites before filling out any information to see if the URL is correct and if there are any spelling errors or design bugs.