Kaspersky experts explain which online offers travelers should be cautious of when planning their trip, to avoid spoiling their experience ahead of the upcoming games. Thousands of fans are expected to attend the World Cup 2026, and many are already handling their travel logistics, purchasing their flights and other transport tickets, booking accommodation, and arranging everything they need to reach the host cities. As interest grows, so does the number of fraudulent schemes that exploit the fact that fans are actively preparing for their upcoming journey.
Phantom prize
In late April 2026, Kaspersky experts detected a campaign exploiting the branding of a well-known transport app, targeting users in Mexico. The interface of a fake Spanish-language website, impersonating one of the services, prompts users to enter their phone number and password in order to “claim prizes.” In reality, the attackers are mimicking a trusted brand and attempting to steal users’ credentials from those lured by the promise of a reward.
Ticket to Nowhere
Some cybercriminals go “a level lower” and post their offers on the dark web. Kaspersky Digital Footprint Intelligence experts discovered a thread advertising such services, published on a shadow forum in March 2026. The listings included offers for discounted airline tickets, hotel bookings, and match tickets, allegedly at 20% off the original price. These offers are designed to lure users and can be highly dangerous, ultimately resulting in victims losing both their money and any services they expected to receive.
Cybercriminals are also targeting businesses and entrepreneurs at the intersection of the travel industry, which is also involved in the event. Given the high demand for short-term rentals during the tournament, property owners have become an attractive target for scams. For example, a fake website was discovered requesting account credentials for a well-known platform. In this way, scammers attempt to gain access to property owner accounts, potentially resulting in unauthorized withdrawals and financial losses.
Another common scheme involves fraudsters attempting to extract money from organizations by posing as representatives of well-known airlines and offering fictitious business partnerships. In these emails, they claim to be launching new projects or business expansion initiatives and state that they are actively seeking suppliers or contractors. If a company representative responds to such an offer, the scammers typically escalate the deception in a subsequent stage. To enhance credibility, they send forged documents for completion and signature, including supplier registration forms and non-disclosure agreements.
The ultimate objective of the fraudsters in this scheme is to induce the organization to pay a so-called “deposit,” ostensibly required to secure a priority position in a partner selection list. According to the claims made in the fraudulent communications, this payment would later be fully refunded once the partnership is formally established. In reality, this promise is entirely deceptive. The perpetrators simply appropriate the funds, and no reimbursement is ever made to the victim organization.
“The travel sector, particularly when it intersects with major events, is a persistent target for a wide range of scams and fraudulent schemes. For end users, it is often difficult to distinguish at first sight between a legitimate website and a spoofed one, or between genuine marketing communications from a reputable service and scam emails. We therefore advise treating overly attractive offers with a high degree of caution in order to protect your personal data and financial resources,” says Anna Lazaricheva, senior spam analyst at Kaspersky.
