CyberSecurityBoardThreat Intel · CVEs · Products
Cyber Events

FIFA 2026 Cyber Risk: Pre-Tournament Threat Infrastructure Exposed

June 30, 2026

Check Point Research has revealed that threat actors pre-built and staged fraud infrastructure targeting the FIFA World Cup 2026 months before the tournament kicked off on June 11, 2026. The Check Point Exposure Management FIFA World Cup 2026 Cyber Threat Report covers financial services, transportation, hospitality, and gambling sectors, highlighting three critical findings.

First, Proofpoint found that over one-third of official FIFA World Cup 2026 partners lack sufficient DMARC enforcement, enabling domain spoofing. This exposes the massive supply chain of airlines, hotels, broadcast partners, and contractors to email impersonation attacks. Check Point’s attack surface management and digital brand protection capabilities monitor partner ecosystems for authentication gaps.

Second, fake sportsbook apps surged 60 times above baseline, with 64 impersonator app detections in the pre-tournament window compared to zero in the non-tournament baseline. These were concentrated on Google Play, involving at least five distinct developer accounts spoofing multiple brands. Check Point also identified Russian-language Telegram channels operating as fake tipster services, routing followers through referral links to generate affiliate commissions on fraudulent deposits.

Third, fake hotel and travel sites were built two months before kickoff, with April 2026 accounting for 21.9% of FIFA-themed lookalike domain registrations. Hotel and lodging brands represent 56% of these domains, and travel and tour brands another 27%. Registrars like GoDaddy, Hostinger, Namecheap, Porkbun, and IONOS host 56% of fraudulent domains, with the .top TLD accounting for 28% of registrations. Some domains have MX records configured for email-based phishing. Check Point’s phishing and brand protection capabilities achieve a 99% takedown success rate with an average mean time to remediation of 12 hours.

Security teams in financial, travel, hospitality, and gambling sectors should treat the current period as elevated due to pre-positioned threat actor infrastructure.

CVEs: CVE-2026-20245

Companies: Check Point, Proofpoint, GoDaddy, Hostinger, Namecheap, Porkbun, IONOS

Products: Check Point Exposure Management, Check Point Attack Surface Management, Check Point Digital Brand Protection, Check Point Dark Web Monitoring, Check Point Phishing and Brand Protection

Events: FIFA World Cup 2026