Skip to main content
Emerging Threats

World Cup Scams Target Security Leaders with AI-Driven Threats

Person in stadium seat holds smartphone with blank screen amidst excited crowd.

"When employees use their corporate devices, accounts or AI agents for personal activities such as hunting for World Cup tickets, booking travel or browsing personal emails, they become directly susceptible to the event-driven scams," warned Pascal Geenans, VP of Cyber Threat Intelligence for Radware.

Radware warns of a fraught convergence ahead of the 2026 World Cup

Radware’s recent threat alert frames the 2026 World Cup as more than a busy sporting event: it is a high-profile target in a moment of what the company calls the “convergence of geopolitical instability, hyper-connectivity and critical infrastructure interdependence.” That convergence, Radware argues, amplifies the potential impact of cyber incidents and makes effective cybersecurity planning “paramount for this year’s event.”

The report emphasizes political motives, noting the tournament’s far-reaching audience as attractive to politically-motivated attackers, and warns that interdependent digital systems could propagate failures across broadcasting, transportation and hospitality if a third-party vendor experiences a security breakdown.

Generative AI and deepfakes as likely scam tools

Radware identifies generative AI and deepfakes as probable tools for scammers seeking to exploit World Cup excitement. The advisory specifically warns these technologies will “likely be leveraged to scam fans,” elevating the sophistication of messages and media that users may trust.

The implication for defenders is that traditional visual or voice cues may no longer be reliable signals of authenticity, increasing the importance of technical controls and verification processes for communications tied to tickets, visas, travel and other event logistics.

Vendor, volunteer and insider risk for sponsors, broadcasters and suppliers

The report highlights several pathways by which organizations that are not direct event hosts could still be harmed. Organizations across North America may become collateral targets because of their “integration into the World Cup’s digital and physical supply chains.”

Radware stresses that the threat profile grows if temporary or voluntary staff are onboarded to support the event: “Temporary workforces often come with the risk of inadequate cyber hygiene as well.” More broadly, the company warns that an employee who falls for a scam on a corporate device or account can convert an external attacker into an insider threat, enabling lateral movement and access to private systems.

Concrete protections: purple teams, phishing-resistant MFA, DMARC and DDoS strategies

The advisory lays out specific defensive measures for security leaders. Recommended actions include:

  • Manage insider and vendor risk
  • Leverage behavioral and hybrid DDoS protection methods
  • Monitor for disinformation, particularly around infrastructure failures or incidents that could incite panic
  • Assemble a cybersecurity emergency response plan
  • Audit networks and secure access points
  • Enact comprehensive web application and API security

Black Duck’s Collin Hogue-Spears adds a tight operational timeline and a practical checklist: “Security leaders at sponsors, broadcasters, and their suppliers have a month to run purple-team exercises against identity and email paths, implement phishing-resistant MFA on every vendor and volunteer account, and enforce DMARC in full on every owned domain.” Hogue-Spears frames counterfeit ticket emails as a failure of basic hygiene rather than of sophisticated adversaries: “If a company’s brand shows up in a counterfeit ticket email in June, they did not lose to a sophisticated adversary. They lost to a checklist you did not finish.”

How technologists, procurement leaders, and fans should respond

Technologists and security teams should prioritize identity and email path testing, deploy phishing-resistant multi-factor authentication across vendor and volunteer accounts, and enforce domain-level email protections such as DMARC, per Black Duck’s guidance. They should also consider behavioral and hybrid approaches for DDoS protection and run tabletop or purple-team exercises against likely attack chains.

Procurement and supplier managers must treat third parties as potential vectors into broadcasting, transportation and hospitality systems. The Radware advisory stresses that a security failure at a single third-party vendor could affect essential event operations, so tighter vendor vetting and contractual security requirements are advised.

End users—employees, volunteers and fans—are called out directly by Radware’s analysis: personal use of corporate devices for ticket searches, travel bookings or email can expose entire organizations. That single click or compromised AI agent on a work laptop can turn a phishing victim into an unwitting facilitator of broader compromise.

The clock is explicit in the sources: defenders have limited time to complete practical exercises, tighten identity controls and close obvious gaps. The question left by the record is simple and concrete: will sponsors, broadcasters and their supply chains finish the checklist before the event amplifies the consequences of any remaining oversights?

Original story