Cybersecurity

Buying World Cup tickets? Watch out for the scam wave

By Nath Connell · 27 June 2026

If you're chasing tickets for the 2026 World Cup, slow down before you click. Security researchers are warning of a coordinated wave of phishing, fake ticket sites, fraud and DDoS attacks aimed at the tournament across its host countries, the United States, Canada and Mexico.

Big events are catnip for scammers because the demand is huge, the urgency is real, and millions of people are searching for tickets at once, many of them outside their home country and unsure which sites are legitimate. That's a perfect environment for a convincing fake.

How to not get caught

The rules are dull and they work. Only buy through the official FIFA ticketing channel. Type the address yourself rather than following a link from an email, a social post or an ad. Be suspicious of any deal that's cheaper than it should be or pressures you to pay fast, especially by bank transfer, crypto or gift card. And check the URL character by character, because lookalike domains are the whole game.

It's not only fans in the crosshairs. The same week, researchers reported that attackers had exploited a Cisco Catalyst SD-WAN Manager flaw, tracked as CVE-2026-20245, for months before public disclosure, gaining root-level access. It was later added to the US government's known-exploited-vulnerabilities catalogue. Translation for anyone running that gear: patch it now.

Why it matters

You don't need to follow enterprise security to get hit by this stuff. A fake ticket page costs someone a few hundred quid and a ruined trip. The defence is boredom: official channels, typed addresses, no rushed payments. If a World Cup deal feels too good, that's the feature, not a bargain.