World Cup Scam Economy Speeds Up, Stressing Financial Organizations
The FIFA World Cup 2026 could drive up to $40.9 billion in gross domestic product this year, underpinning hundreds of thousands of jobs and driving huge waves of spending in host cities, according to analysis by FIFA and the World Trade Organization. Los Angeles County alone is projected to see upward of $594 million in economic impact from the eight matches it will host. Unfortunately, that level of economic activity inevitably attracts bad actors who want in on the action.
Organizations will be heavily promoting their services and products during the World Cup, and consumers will be overwhelmed by a wave of ads, says Gigi Agassini, CPP, principal consultant at GA Advisory and chair of the ASIS Information Technology Security Community Steering Committee. “Plus, scammers are going to send the same quantity, or probably more. So, as an individual, it’s going to be more difficult to identify which is a scam and which is real. That represents, of course, a risk for financial institutions for fraud and scams, and for spoofing their sites.”
As of early May, fake websites were already proliferating, impersonating ticket vendors, telecoms, sticker publishers, toy manufacturers, immigration services, and crypto projects—all seemingly connected to the World Cup. Sponsored search results and search engine ads help drive users to spoof sites and malicious webpages that look legitimate but trick consumers into falling for schemes and providing personal or financial information.
The extremely high ticket prices for this year’s matches could make those scams even more appealing, though, as fans hunt for bargains on tickets, housing, and travel.
“Every World Cup cycle generates its own scam economy,” according to threat intelligence analysis from Malwarebytes Labs. “2018 had fake ticket marketplaces; 2022 leaned on phishing around Qatar’s Hayya system; 2026 is building around meme coins and visa impersonation. What’s different this time is the speed: Sites can be spun up, monetized, and abandoned within weeks, and AI-generated copy, mascot art, and product images have stripped away many of the visual cues people used to rely on.”
This year’s scam sites fall into four primary categories: crypto, travel, merchandise, and predictions.
Crypto. Some sites are marketing special cryptocurrency tokens celebrating the World Cup, and others claim to be officially licensed by FIFA, offering a false sense of legitimacy. “But there’s a real risk you’ll receive nothing, receive something you can’t sell, or sign a transaction that gives the operator access to your wallet,” Malwarebytes Labs wrote.
Travel. This fraud category is especially expensive and painful for victims. One site is advertising a “Visa to the World Cup 2026 US” for $270 per person, but there is no such visa. Instead, the site tricks people into believing they are following official rules to get access to the tournament, but the scammers are harvesting personal data and payment information in the meantime.
Fraudsters are also taking advantage of demand for tickets, travel, and accommodations—as usual—by advertising fake travel packages and nonexistent short-term rental accommodations, according to the Canadian Anti-Fraud Centre (CAFC).
Merchandise. Impersonation gets especially aggressive in this category, since there are real licenses to copy, Malwarebytes Labs said. Sites offer counterfeit jerseys, collectible sticker albums, and even LEGO sets at deep discounts. Scam retailers use high-pressure tactics and rock-bottom pricing to get access to users’ financial information or other details.
Predictions. Predictor sites present prize pools that appear to grow with every prediction, but there is no visible licensing, jurisdiction, or way to verify whether payouts will be enforced or guaranteed, the analysis said.
“Large-scale events like FIFA World Cup are a magnet for fraudsters,” said Sgt. Shiv Gill, Vancouver Police Department Financial Crime Unit, in a CAFC news release. “Please be fraud aware and use only trusted online services; if it sounds too good to be true, it likely is.”
Financial institutions are on high alert as well, Agassini says, and they should be ready to make swift decisions at scale in response to rapidly changing fraud and crime attempts, as well as geopolitical or activist cyberattacks and traditional crime, like ATM skimming and robberies.
The geographic footprint of the World Cup changes the risk equation, too.
“Normally, banks concentrate their protection strategies around specific assets or individual cities,” says Efrén Vera, CPP, vice president of security and safety for a major financial institution in Mexico. “During this World Cup, risk expands simultaneously across multiple cities and logistical corridors throughout the three host countries. It is not only about stadiums, but also airports, hotels, fan zones, transportation routes, and commercial areas.”
The international nature of the event increases the volume of digital payments and cross-border transactions, which expands the attack surface for financial fraud.
“The increase in consumer fraud can affect banking institutions at three levels: financial, operational, and reputational,” Vera says. “At the financial level, it can increase claims, chargebacks, unauthorized transactions, card-related losses, ATM fraud, phishing attacks, fake ticket sales, fraudulent accommodations, fake travel platforms, and scams targeting tourists and fans.
“At the operational level, it can overwhelm customer service centers, dispute resolution teams, fraud prevention departments, transaction monitoring operations, and digital channels,” he continues. “During an event such as the World Cup, transaction volume increases significantly, making it more difficult to distinguish legitimate tourist activity from fraudulent activity.
“At the reputational level, the risk becomes greater, because any perception that the institution is not adequately protecting customers can spread quickly through social media, international media outlets, and global fan communities.”
To prepare, banks should strengthen transaction monitoring models, adding World Cup-specific rules covering ticket purchases, lodging, transportation, and cash withdrawals, for example. They should also launch preventive awareness campaigns about fraud and strengthen controls and alerts for unusual transactions, Vera says. Financial institutions should also increase staffing and support capacity during match days to cope with the increased pressure on fraud prevention teams, call centers, claims departments, security monitoring centers, command centers, and field response teams. This capacity boost can help keep response times fast and protect consumers’ funds and the organization’s reputation.
“The key idea is this: During the World Cup, fraud does not increase only because of volume; it increases because consumers are excited, rushed, and less attentive,” Vera says. “That is why mitigation must combine technology, preventive communication, and rapid response.”
Banks should try to coordinate intelligence sharing with authorities, payment processors, card brands, and other financial institutions. But the geographic footprint of this year’s tournament will complicate cross-jurisdictional and cross-departmental coordination between the public and private sectors, and the speed of risk ramps up.
“In this type of event, conditions can shift very rapidly: Protests, mass celebrations, geopolitical tensions, or security incidents can alter the operational environment within minutes,” he says. “For that reason, the risk balance changes because the environment stops being local and becomes regional, dynamic, and simultaneous. The challenge for financial institutions is no longer protecting a single location but maintaining operational resilience within a highly interconnected ecosystem.”
During the World Cup, fraud does not increase only because of volume; it increases because consumers are excited, rushed, and less attentive.
Agassini notes that organizations can outline critical decision structures early on to enable faster and reliable movement during crises or high-stress periods.
“Most institutions must know their critical systems, but what about where critical decisions will be made under pressure?” she asks. “Because we need to keep in mind that everything that happens during this time, it’s going to be under pressure. It’s not like you are going to have a week or even a day to make the decision. Then, who has the authority to make them? What information is required at the moment of the decision?”
If organizations cannot answer those three questions—where decisions will be made, who will make them, and with what information—they have a governance gap that undermines decision velocity and will slow them down during incident response and threat mitigation, Agassini says.
Vera adds, “Institutions should define risk thresholds and response criteria in advance: when to escalate an incident, when to restrict operations, when to close a branch, when to temporarily disable an ATM, when to activate crisis teams, and how to maintain critical functions operating under pressure.
“In summary,” he says, “preparing for an event of this scale does not simply mean strengthening digital or anti-fraud controls; it means adapting the entire organization to operate in an intensified risk environment where financial, cyber, operational, and physical risks occur simultaneously.”
Claire Meyer is editor-in-chief of Security Management. Connect with her on LinkedIn or via email at [email protected].
