Thousands of fans are expected to attend the World Cup 2026, and many are already handling their travel logistics, purchasing their flights and other transport tickets, booking accommodation, and arranging everything they need to reach the host cities. As interest grows, so does the number of fraudulent schemes that exploit the fact that fans are actively preparing for their upcoming journey.
Kaspersky experts explain which online offers travellers should be cautious of when planning their trip, to avoid spoiling their experience ahead of the upcoming games.
Cybercriminals are also targeting businesses and entrepreneurs at the intersection of the travel industry, which is also involved in the event. Given the high demand for short-term rentals during the tournament, property owners have become an attractive target for scams. For example, a fake website was discovered requesting account credentials for a well-known platform. In this way, scammers attempt to gain access to property owner accounts, potentially resulting in unauthorised withdrawals and financial losses.
Another common scheme involves fraudsters attempting to extract money from organisations by posing as representatives of well-known airlines and offering fictitious business partnerships. In these emails, they claim to be launching new projects or business expansion initiatives and state that they are actively seeking suppliers or contractors. If a company representative responds to such an offer, the scammers typically escalate the deception in a subsequent stage. To enhance credibility, they send forged documents for completion and signature, including supplier registration forms and non-disclosure agreements.
To avoid falling victim to such threats, Kaspersky advises users to:
- Check the authenticity of websites before entering personal data. Double-check URL formats and organizations name spellings.
- Always choose official and reputable ticket platforms to protect your personal data from theft and misuse.
- Double-check transport websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?
- Use a reliable security solution that identifies malicious attachments and blocks phishing links. To ensure advanced cyber protection against increasingly complex phishing threats.
- Enable multi-factor authentication and monitor accounts: Activate 2FA on IDs and financial apps and regularly review statements for unauthorised activity.
