Check Point Research Warns of a Surge in Fraudulent Sites and Malicious Domains Exploiting the 2026 FIFA World Cup

Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cybersecurity solutions, has released findings showing a surge in malicious domains ahead of the FIFA World Cup 2026 in June, and is urging caution against fake sites and scams. The FIFA World Cup 2026, kicking off in June in the US, Canada, and Mexico, is expected to be watched by approximately 3 billion people. In preparation, cybercriminals have also been getting ready for months to exploit the event. According to CPR's findings, 9,741 new domains containing the keywords 'FIFA' or 'World Cup' were registered in April this year alone. This is more than five times the peak number seen during the last World Cup in Qatar in 2022. In just two months since February, such domain registrations have more than quadrupled. This trend suggests that planned preparations using AI are underway. Attackers are believed to be pre-building a large-scale fraud infrastructure in anticipation of the peak in ticket demand and fan excitement. The threat is already becoming a reality. While the majority of the newly surged domains are currently unclassified, CPR has confirmed that 1 in 41 newly registered World Cup-related domains in recent weeks has been detected as suspicious or malicious. This rate of suspicious or malicious domains is increasing as the tournament approaches. A fake 'official merchandise site' offering huge discounts and free shipping: These attacks are not random. CPR identified a fake FIFA merchandise store, 'fifaofficialstore[.]shop,' which cleverly mimics the official brand. This site, offering discounts of up to 80% and free shipping, is designed to steal users' personal and payment information. Emergence of gamified scam sites disguised as legitimate reward sites: Another site, 'fifa2026guess[.]com,' was found to be running a gamified 'vote-to-earn' scheme, promising daily cash returns for a small deposit. Disguised as a gaming platform, this site, branded as the '2026 World Cup Forum,' claims users can earn a profit of $3 per day by 'voting' on teams like Mexico, the US, and Spain and paying a $10 entry fee. It also features functions like 'deposit,' 'withdraw,' and 'invite friends' to mimic legitimate reward sites, potentially aiming to steal victims' funds as well as their personal and financial information. Illicit betting sites targeting fans worldwide: CPR has also identified numerous malicious domains created in recent months, most of which are related to a cluster of betting sites themed around the 2026 World Cup, primarily operated in Chinese. One example, 'fortune-worldcup2026[.]com[.]cn,' created in April 2026, poses as an 'official' platform, offering sports betting, esports, and lottery-style games. It uses call-to-action phrases like 'Download Now' and 'Free Registration,' along with high bonuses and daily rewards, to lure users. The fact that most of these scam betting sites are in Chinese highlights that they are targeting fans outside the host countries, underscoring that this threat is not limited to North America but is a global issue. The impact of this surge in attacks extends beyond individual fans. Cyberattacks targeting industries with the most exposure related to the World Cup, such as 'Media & Entertainment,' 'Hospitality, Travel & Leisure,' and 'Transportation & Logistics,' have shown a year-over-year increase of 30-48% in the three host countries. The infrastructure being built by criminals targeting the World Cup can be used to exploit fans, related businesses, and brands worldwide. 'Red Flags' to Know: How to protect yourself from World Cup-related cyberattacks. - Huge discounts on official merchandise: Extreme campaigns like 'up to 80% off' on jerseys and souvenirs are characteristic of fake FIFA stores aimed at stealing payment information. - Domains containing 'FIFA' or 'World Cup' in the URL: The legitimate FIFA platform uses 'fifa.com'. Unofficial domains mimicking the official brand are almost certainly fraudulent. - 'Vote-to-earn' schemes and prediction games promising cash rewards: Platforms promising continuous returns on a deposit, such as 'guaranteed $3 daily profit on a $10 deposit,' are scam schemes designed to steal money and personal information. - Calls to 'Download Now' or 'Register Free' on unfamiliar sites: Prompts to download apps or register for free on newly created or untrustworthy sites are typical tactics to infect with malware or steal login credentials. This press release is based on a blog post published in English on May 14, 2026, US time. [Corporate and contact information follows]