FIFA World Cup 2026 Cyber Threat and Risk Outlook

The FIFA World Cup 2026 will span 16 venues across the United States, Mexico, and Canada, with matches running for 39 days from June 11 to July 19. MetLife Stadium in East Rutherford, New Jersey, will host eight matches, including the Tournament final.

Major international sporting events have become prime targets for cyber threat actors, as evidenced by attacks on the FIFA World Cup 2022 in Qatar, UEFA Euro 2024 in Germany, the 2024 Summer Olympics in Paris, and other past global events. Historical cyber threat activity targeting global events including (but not limited to) malware infection (including destructive wiper malware), distributed denial-of-service (DDOS) attacks, phishing campaigns, malicious mobile applications, fraudulent ticketing websites, account credential exposure, unauthorized access, ransomware attacks, Deepfake AI-generated content, disinformation campaigns, and more.

As early as August 2025, there have been a surge in domain registrations tied to the upcoming FIFA World Cup 2026. These domains, often masquerading as legitimate ticketing portals, merchandise outlets, or live-stream platforms, serve as precursors to cyber campaigns designed to harvest credentials, distribute malware, and siphon financial data.

It is likely that cyber threat activity related to the FIFA World Cup 2026 will be similar to observed activity during previous global events, with social engineering schemes, ransomware attacks, and nation-state targeting. Deepfake technology and other AI-generated content may be used to spread disinformation, cause confusion, incite panic, or attempt to exercise political influence. While the match venues are potential targets of cyber threats, threat actors may also target critical infrastructure supporting the World Cup, such as energy and water utilities, to impact the tournament or as part of a larger cyber operation.

Linden residents should be on high alert for FIFA World Cup 2026 scams, including fake ticket sales, counterfeit merchandise, and phishing attempts. Protect yourself by only using official, verified websites for any purchases or information, and never click on links from unsolicited emails or texts.