Kaspersky has warned football fans to stay cautious of unofficial streaming and betting platforms during the 2026 World Cup, as cybercriminals are increasingly exploiting tournament excitement. Since the tournament began on June 11, Kaspersky detected at least 336 fake domains mimicking official World Cup websites. One common scam involves fraudulent streaming platforms that promise free match broadcasts. Users are asked to register and then pay a cryptocurrency fee for supposed “lifetime tournament access,” risking both financial loss and theft of personal data. Scammers are also targeting fans through fake betting and match prediction websites. These platforms often request sensitive personal information such as names, email addresses and phone numbers under the pretense of account registration. Such schemes can lead to credential theft, especially for users who reuse passwords across services, as well as financial fraud. Kaspersky advises users to rely only on trusted platforms and remain vigilant online.
“Since the start of the tournament, scammers have increasingly focused on the ways fans engage with the event online, as watching matches today requires only an internet connection and a device. As a result, criminal activity continues to grow, as reflected in the fraudulent websites we observe offering streaming and betting services in multiple languages. We recommend that users stick to official broadcasts to help protect their data and finances,” says Olga Altukhova, Senior Web Content Analyst at Kaspersky.
Attackers are using phishing emails to trick football fans into paying money or clicking malicious links, often by promoting fake football analytics or match prediction services. These emails typically use persuasive language and urgent calls to action to pressure users into responding quickly. In one case, victims were asked to pay A$200 for access to supposed “insider” match-winning insights, which can lead to irreversible financial loss. Kaspersky advises users to verify website authenticity, carefully check URLs and spelling, and only use trusted streaming platforms. They also recommend using reliable security tools to detect phishing attempts, enabling multi-factor authentication, and regularly monitoring accounts for suspicious or unauthorized activity.
