As the 2026 World Cup approaches, it’s likely that cybercriminals will increase scam activity to take advantage of the excitement surrounding the event. A recent threat alert from Radware warns that the “convergence of geopolitical instability, hyper-connectivity and critical infrastructure interdependence” creates an environment in which effective cybersecurity is paramount for this year’s event. 

Key insights from the report include: 

• The tournament’s notable reach makes it an attractive target for politically-motivated attackers. 
• Interdependent digital systems may lead to widespread risks; for instance, a security failure at one third-party vendor could freeze essential event operations such as broadcasting, transportation and hospitality. 
• Generative AI and deepfakes will likely be leveraged to scam fans. 

Why does this matter for security leaders? If even one employee falls for a scam on a work device, the entire organization could be at risk. 

“When employees use their corporate devices, accounts or AI agents for personal activities such as hunting for World Cup tickets, booking travel or browsing personal emails, they become directly susceptible to the event-driven scams,” warns Pascal Geenans, VP of Cyber Threat Intelligence for Radware. “If an employee falls for a phishing link, a fraudulent visa site hosting malware or their AI agent gets compromised by an indirect prompt injection on a work laptop, they aren’t just risking their own personal data. That compromised device effectively turns an external attacker into an insider threat. Because the attacker inherits the employee’s legitimate access, they can bypass standard perimeter defenses, access private and confidential data, move undetected through the system and potentially move laterally across the network and into core corporate systems.”

The report further warns that organizations across North America may be collateral targets due to “integration into the World Cup’s digital and physical supply chains.” In the event that organizations may be onboarding temporary, voluntary staff to accommodate the event, the insider risk profile grows. Temporary workforces often come with the risk of inadequate cyber hygiene as well. 

Advice for Organizations 

• Manage insider and vendor risk 
• Leverage behavioral and hybrid DDoS protection methods
• Monitor for disinformation, especially in relation to infrastructure failures or other incidents that may incite panic 
• Assemble a cybersecurity emergency response plan
• Audit networks and secure access points
• Enact comprehensive web application and API security

“Security leaders at sponsors, broadcasters, and their suppliers have a month to run purple-team exercises against identity and email paths, implement phishing-resistant MFA on every vendor and volunteer account, and enforce DMARC in full on every owned domain,” says Collin Hogue-Spears, Senior Director of Solution Management at Black Duck. “If a company’s brand shows up in a counterfeit ticket email in June, they did not lose to a sophisticated adversary. They lost to a checklist you did not finish.”