2026年FIFA世界杯由美国、加拿大和墨西哥共同主办，在16个城市进行104场比赛，是历史上规模最大的一届。这一规模为网路犯罪分子提供了前所未有的机会，其目标是预估将参与的600万名球迷。在门票销售窗口的前15天内，门票需求便突破纪录，收到超过1.5亿次的申请，使该赛事的超额认购率达到约30倍。这种极高的关注度推动了网路威胁的急剧增加，在2026年1月至5月期间，有超过13,000个以FIFA为主题的域名被注册。TrendAI的Tarek Jammoul报告指出，在首场比赛开始前，这些域名中约有41分之一已被识别为可疑或恶意域名。

网路安全公司观察到，在生成式AI的推动下，诈骗行为出现了急剧增长。Group-IB识别出超过4,300个冒充FIFA官方网站的欺诈性域名，以及六个并行的诈骗方案和四个在赛前运作的独立威胁参与者。诈骗分子利用AI大规模生成高度个人化且精美的网路钓鱼邮件和伪造网站，使得如拼写错误等传统的警示信号失效。Naoris Protocol的David Holtzman指出，足球的娱乐性质降低了人们的防备心。常见的诈骗手段包括虚假门票销售、欺诈性签证服务、住宿方案、仿冒商品以及在公共场所出现的QR码诈骗。

防御者正在利用AI进行模式检测和威胁预测以应对这些威胁。Palo Alto Networks旗下Unit 42的研究员Kristopher Russo强调，应使用防御性AI来预测未来的攻击。此外，全球跨平台的合作至关重要。Meta透过全球信号交换（GSE）和欺诈情报互惠交换（FIRE）等倡议，与Visa合作拆除了Facebook上使用虚假品牌进行宣传的网路。然而，安全专家警告，单靠技术防御是不够的，随著传统验证方法的失效，消费者必须保持警惕。

The 2026 FIFA World Cup, cohosted by the United States, Canada, and Mexico, is the largest in history with 104 matches across 16 cities. This scale presents unprecedented opportunities for cybercriminals, targeting the estimated 6 million fans attending. Ticket demand broke records with over 150 million requests within the first 15 days of the sales window, making the tournament approximately 30 times oversubscribed. This intense interest has driven a massive surge in cyber threats, with over 13,000 FIFA-themed domains registered between January and May 2026. Tarek Jammoul of TrendAI reported that approximately 1 in 41 of these domains had already been identified as suspicious or malicious before a single match commenced.

Cybersecurity firms have observed an astronomical increase in scams, propelled by generative AI. Group-IB identified over 4,300 fraudulent domains impersonating official FIFA pages, alongside six parallel fraud schemes and four independent threat actors. Scammers leverage AI to produce highly personalized, polished phishing emails and spoofed websites at a massive scale, rendering traditional warning signs like typos obsolete. David Holtzman of Naoris Protocol notes that the harmless nature of soccer lowers fans' defenses. Common scams include fake ticket sales, fraudulent visa services, accommodation offers, counterfeit merchandise, and QR code scams in public venues.

Defenders are countering these threats by utilizing AI for pattern detection and threat prediction. Palo Alto Networks' Unit 42 researcher Kristopher Russo emphasizes predicting future attacks using defensive AI. Additionally, global cross-platform collaboration is vital. Meta, working through initiatives like the Global Signal Exchange (GSE) and the Fraud Intelligence Reciprocal Exchange (FIRE), partnered with Visa to dismantle Facebook networks using spoofed branding. However, security experts warn that technological defense alone is insufficient, and consumers must remain vigilant as traditional verification methods fail.