Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cybersecurity solutions, has released the latest insights on cyber threats related to the 2026 FIFA World Cup (hereinafter 'FIFA World Cup 2026') for May and June 2026, as of June 9, 2026, U.S. time.
According to CPR's investigation, as the tournament approaches, the registration of related domains has surged, accompanied by a rising proportion of malicious and suspicious domains. CPR has identified phishing scam sites impersonating official merchandise and ticket sales, as well as illegal betting (gambling) websites, and is urging caution against cyber threats associated with the event.
Threat Landscape Intensifies with Tournament Kickoff
In May 2026, cyberattacks targeting industries such as 'Media & Entertainment,' 'Hospitality, Travel & Leisure,' and 'Transportation & Logistics' continued to increase in Canada and the United States. The average number of weekly attacks per organization reached 1,547 in the U.S. (a 6% increase from the previous month) and 1,055 in Canada (an 18% increase from the previous month).
Related Domain Registrations Surge 49% Month-on-Month in May
In May, new domain registrations related to 'FIFA' and 'World Cup 2026' reached 14,545, a 49% increase compared to April. Furthermore, over 7,000 new domains were registered in just the first week of June.
Rising Proportion of Malicious Domains Among New Registrations
Alongside the surge in registrations, the proportion of malicious and suspicious domains has also increased, clearly indicating an acceleration in attackers' preparatory activities ahead of the tournament kickoff. The threat landscape is becoming increasingly severe in every aspect as the event approaches.
Figure: Proportion of Malicious Domains Among Newly Registered Domains Related to 'FIFA' and 'World Cup 2026'
Phishing Scam Case: Fake FIFA Official Merchandise Stores
Six fake websites impersonating official FIFA merchandise sales sites have been identified. These include 'fifafanjerseys[.]shop' and 'onlinefifavip-eu[.]shop' discovered in March 2026, and 'fifastore[.]us[.]com,' 'fifa2026worldcup-us[.]com,' 'fifagroup[.]shop,' and 'fifa2026fworldcup[.]com' identified in May 2026. These sites impersonate legitimate retailers such as the FIFA official store, WorldSoccerShop, and Fanatics. All are cleverly designed to appear authentic, featuring branding themed around the host nations, AI-generated player images, and discounted offers for 2026 World Cup jerseys. However, victims' payment card information is stolen on these sites, and purchased items never arrive.
Fraudulent Ticket and Hospitality Sales Sites
Fake websites impersonating FIFA's official ticketing site or hospitality platforms are targeting fans attempting to purchase match tickets or premium viewing packages. Specifically, three sites were identified: 'fifaworldcup26[.]sale' in February 2026, 'fifa-2026[.]xyz' in March 2026, and 'fifa-ticket[.]live' in April 2026. These sites mimic the interface of the official FIFA.com site and premium ticketing platforms, displaying fake 'Official Hospitality' purchase pop-ups, fraudulent ticket inquiry forms that redirect to WhatsApp, and VIP lounge package promotions with urgency-inducing messages such as 'limited seats remaining.' Users are ultimately directed to fraudulent payment pages on these sites.
Chinese-Language World Cup Betting Platforms
The betting information aggregation services 'fifaworldcup2026[.]top' and 'wap.fifa2026shijiebei[.]top' were both registered in January 2026. These are desktop and mobile versions operating on shared infrastructure and are run in Chinese. Both sites feature live match scores, banner advertisements for bookmakers such as bet365, BetVictor, William Hill, M88, and E8 Sport, and guide articles explaining how to place bets during the World Cup. Registered users are redirected to accounts with illegal overseas bookmakers.
About Check Point Research Check Point Research provides the latest cyber threat intelligence to Check Point's customers and the threat intelligence community. The team collects and analyzes global cyberattack data stored in ThreatCloud AI, Check Point's threat intelligence platform, contributing to product development by enhancing the effectiveness of built-in protection features while deterring hackers. Over 100 analysts and researchers are part of the team, collaborating with security vendors, law enforcement agencies, and various CERT organizations to strengthen cybersecurity defenses.
Blog: https://research.checkpoint.com/ X: https://x.com/_cpresearch_
About Check Point Check Point Software Technologies (www.checkpoint.com) is a global leader in cybersecurity, protecting over 100,000 organizations worldwide. Check Point's mission is to secure organizations' safe AI transformation. Based on a prevention-first approach and an open ecosystem architecture, Check Point helps organizations reduce risk, simplify operations, and innovate with confidence. Check Point's integrated security architecture continuously adapts to evolving threats and expanding AI attack surfaces, protecting hybrid networks, cloud environments, digital workspaces, and AI systems. Anchored by four strategic pillars—Hybrid Mesh Network Security, Workspace Security, Exposure Management, and AI Security—Check Point delivers consistent protection and visibility across complex multi-vendor environments. Check Point Software Technologies Ltd.'s wholly owned Japanese subsidiary, Check Point Software Technologies K.K. (https://
FACT BOX
- Source: PR TIMES
- Category: Survey
- Organizations: FIFA / Fanatics / bet365
- Products / services: ThreatCloud AI / Check Point Research