Kaspersky experts explain which online offers travelers should be cautious of when planning their, to avoid spoiling their experience ahead of the upcoming games.
Thousands of fans are expected to attend the World Cup 2026, and many are already handling their travel logistics, purchasing their flights and other transport tickets, booking accommodation, and arranging everything they need to reach the host cities. As interest grows, so does the number of fraudulent schemes that exploit the fact that fans are actively preparing for their upcoming journey.
Phantom prize
In late April 2026, Kaspersky experts detected a campaign exploiting the branding of a well-known transport app, targeting users in Mexico. The interface of a fake Spanish-language website, impersonating one of the services, prompts users to enter their phone number and password in order to “claim prizes.” In reality, the attackers are mimicking a trusted brand and attempting to steal users’ credentials from those lured by the promise of a reward.
Example of a fraudulent website impersonating a popular service
Ticket to Nowhere
Some cybercriminals go “a level lower” and post their offers on the dark web. Kaspersky Digital Footprint Intelligence experts discovered a thread advertising such services, published on a shadow forum in March 2026. The listings included offers for discounted airline tickets, hotel bookings, and match tickets, allegedly at 20% off the original price. These offers are designed to lure users and can be highly dangerous, ultimately resulting in victims losing both their money and any services they expected to receive.
Example of an advertisement for services on the darknet exploiting the World Cup
Entrepreneurs and property owners also in the crosshairs
Cybercriminals are also targeting businesses and entrepreneurs at the intersection of the travel industry, which is also involved in the event. Given the high demand for short-term rentals during the tournament, property owners have become an attractive target for scams. For example, a fake website was discovered requesting account credentials for a well-known platform. In this way, scammers attempt to gain access to property owner accounts, potentially resulting in unauthorized withdrawals and financial losses.
Another common scheme involves fraudsters attempting to extract money from organizations by posing as representatives of well-known airlines and offering fictitious business partnerships. In these emails, they claim to be launching new projects or business expansion initiatives and state that they are actively seeking suppliers or contractors. If a company representative responds to such an offer, the scammers typically escalate the deception in a subsequent stage. To enhance credibility, they send forged documents for completion and signature, including supplier registration forms and non-disclosure agreements.
The ultimate objective of the fraudsters in this scheme is to induce the organization to pay a so-called “deposit,” ostensibly required to secure a priority position in a partner selection list. According to the claims made in the fraudulent communications, this payment would later be fully refunded once the partnership is formally established. In reality, this promise is entirely deceptive. The perpetrators simply appropriate the funds, and no reimbursement is ever made to the victim organization.
“The travel sector, particularly when it intersects with major events, is a persistent target for a wide range of scams and fraudulent schemes. For end users, it is often difficult to distinguish at first sight between a legitimate website and a spoofed one, or between genuine marketing communications from a reputable service and scam emails. We therefore advise treating overly attractive offers with a high degree of caution in order to protect your personal data and financial resources,” says Anna Lazaricheva, senior spam analyst at Kaspersky.
To avoid falling victim to such threats, Kaspersky advises users to:
• Check the authenticity of websites before entering personal data. Double-check URL formats and organizations name spellings.
• Always choose official and reputable ticket platforms to protect your personal data from theft and misuse.
• Double-check transport websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?
• Use a reliable security solution that identifies malicious attachments and blocks phishing links. To ensure advanced cyber protection against increasingly complex phishing threats, Kaspersky actively amplifies its consumer solutions with AI-powered scam protection. In 2025, Kaspersky Premium once again received the annual ‘Approved’ certification in Anti-phishing tests by the leading testing lab AV-Comparatives, highlighting the product’s strong, AI enhanced anti phishing capabilities.
• Enable multi-factor authentication and monitor accounts: Activate 2FA on IDs and financial apps and regularly review statements for unauthorized activity.
If you are a business owner:
• Secure your corporate email with Kaspersky Security for Mail Server’s multi-layered defence
• Implement Kaspersky Security Awareness trainings to build a resilient internal cybersecurity culture and protect your employees.
• Use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry.
