KnowBe4 warns of World Cup scam surge ahead of 2026

KnowBe4 has warned football fans about a rise in World Cup-related online scams targeting ticket sales, travel bookings and visa applications.

The alert focuses on the men's 2026 World Cup, which will be hosted across the United States, Canada and Mexico. According to KnowBe4, the tournament's scale and cross-border travel requirements are creating more opportunities for phishing attacks, fake booking sites and fraudulent payment requests.

One of the main risks is ticket fraud. Scammers are offering printed tickets and PDF documents through social media and secondary marketplaces, even though official tournament tickets are expected to be digital through FIFA's app-based system.

KnowBe4 said paper tickets do not exist for the tournament and noted that dynamic QR codes were used at the previous World Cup, refreshing regularly to prevent screenshots from being reused. Any seller offering to email a PDF ticket should be treated as fraudulent.

Visa confusion

Travel documentation is another area of concern. With matches taking place in three countries, criminals are exploiting confusion around entry rules by creating websites that claim to offer special World Cup visas for a fee.

There is no dedicated tournament visa, and travellers remain subject to the normal entry requirements of the United States, Canada and Mexico. Fans are being urged to rely on official government sources when checking visa and border rules.

Fake bookings

Accommodation scams are also expected to rise as hotel rooms in host cities become harder to find. Cloned travel and hotel booking sites are being used to mimic established brands while capturing card details and deposits.

These websites can be difficult to spot because they often closely resemble legitimate platforms, with only minor changes in the web address. Requests for payment through Zelle, wire transfer or cryptocurrency are a strong warning sign, as established booking platforms do not typically require those methods.

The alert also points to a likely increase in phishing emails and direct messages offering free tickets, travel packages or hospitality upgrades. These messages typically try to persuade users to click a verification link, hand over login credentials or disclose personal information.

Unsolicited prize notifications should be treated with scepticism, especially if the recipient did not enter a competition through an official sponsor. Users are advised not to click links in unexpected emails or messages tied to the tournament.

Javvad Malik, lead CISO adviser at KnowBe4, said the broader lesson was to stay proactive about online safety.

"Online safety during a busy event requires a proactive rather than reactive mindset. Protecting your personal data starts with using secure, private connections and official applications. By refusing to engage with unsolicited offers and unverified third-party vendors, you remove the primary leverage cybercriminals use to exploit travelers," Malik said.

The guidance reflects a familiar cyber crime pattern in which major sporting events attract waves of impersonation, fake offers and social engineering attacks aimed at consumers making rushed purchases. Large international tournaments create ideal conditions for fraud because demand is high, supply is tight and fans are often under pressure to make quick decisions on travel and accommodation.

In this case, urgency is a central tactic. Fraudsters use limited-time deals and underpriced offers to push people into acting before they verify a website, ticket seller or payment request.

That pressure can be especially effective when fans are looking for seats close to kick-off or trying to secure scarce hotel rooms in host cities. A small discrepancy in a website address or a request to move payment off-platform can be enough to signal a scam, but those signs are often missed when buyers fear losing the deal.

KnowBe4's advice is straightforward: buy tickets only through the official FIFA ticketing channel, check travel rules on government websites, examine web addresses carefully before entering payment details and avoid any seller who asks for unconventional payment methods. Users should also rely on official apps and secure private connections when accessing bookings or entering personal information.

The company said the aim of these scams is to catch consumers off guard through pressure and confusion, rather than technical sophistication alone.