World Cup scams and AI: FIFA 2026 ticket fraud surge

Scammers are using AI-crafted websites, deepfake media and professional-looking emails to sell fake World Cup tickets and services ahead of the FIFA 2026 tournament, security researchers warn. More than 13,000 FIFA-themed domains were registered between January and May 2026, and analysts flagged a significant portion as suspicious by early May.

How are scammers using AI at FIFA 2026?

AI is being used to produce convincing websites, fabricated audio and deepfake videos, and to generate highly personalized phishing at scale, making traditional red flags less reliable. The Wired coverage says AI-generated websites, deepfake videos, fabricated audio and convincing phishing campaigns are helping criminals impersonate legitimate organizations and scale attacks quickly.

Attackers reuse familiar scam categories while polishing them with new tools. The story notes fake ticket sales, fraudulent immigration or visa services, misleading accommodation offers, counterfeit merchandise, and sites impersonating official tournament branding. QR code scams are also on the rise, where malicious codes are placed over legitimate ones in public venues.

How big is the threat right now?

The threat is measurable and already large, with multiple independent indicators showing scale and organization. More than 13,000 FIFA-themed domains were registered between January and May 2026, and by early May roughly one in 41 had already been identified as suspicious or malicious, according to Tarek Jammoul, regional managing director at TrendAI.

Group-IB researchers found more than 4,300 fraudulent domains impersonating FIFA’s official web presence, alongside six parallel fraud schemes and four independent threat actors operating ahead of the tournament. The tournament itself increases the target surface: the United States, Canada and Mexico are cohosting 104 matches across 16 cities, FIFA estimates more than 6 million fans will fill stadiums, and more than 150 million tickets were requested within the first 15 days of the sales window alone, making this edition approximately 30 times oversubscribed compared to previous tournaments.

Spear phishing is a particular danger. Wired explains that attackers harvest personal data from search engines and social media to craft targeted messages, which AI now helps produce at massive scale, increasing both volume and plausibility.

Why it matters

The scale and polish of these scams raise the cost of vigilance for fans and platforms. AI shortens the time and skill needed to create professional scams, so traditional cues like awkward language or poor design no longer reliably distinguish fraud. That forces ticket buyers, accommodation bookers and merchants to rely more on verified channels and cross-platform defenses.

Platforms and security firms are responding with automated detection and industry collaboration, but those defenses must match attackers using the same tooling. Meta cites work via the Global Signal Exchange and Fraud Intelligence Reciprocal Exchange and says, "Through collaboration with Visa via the GSE, we helped identify and take action against a network on Facebook that was using spoofed branding and promoting fake offers designed to mislead people into sharing personal or financial information," Basma Ammari, director of public policy MENA at Meta, told Wired.

What to watch

Watch for public takedowns and platform enforcement ahead of kickoff and for whether identification rates for suspicious domains improve after coordinated action. A useful short-term signal will be whether companies and law enforcement reduce the share of newly registered FIFA-themed domains flagged as malicious after May, and whether Group-IB or TrendAI track fewer active fraudulent domains as the tournament progresses.