World Cup 2026 Security Shortfall: Over a Third of Official Partners Expose Fans to Fraud
Amsterdam, Tuesday 14 April 2026
A new Proofpoint report reveals that 36% of official World Cup 2026 partners lack essential email security, leaving fans and corporate networks highly vulnerable to sophisticated phishing and fraud.
The Cybersecurity Gap in Global Sports
As the countdown to the 2026 FIFA World Cup, scheduled to run from 11 June to 19 July 2026, accelerates, the digital perimeter of its official network is under intense scrutiny [2]. On 14 April 2026, cybersecurity and compliance firm Proofpoint published an analysis revealing that 36% of the tournament’s official sponsors, partners, and suppliers lack adequate email security measures to thwart domain spoofing [1][2][3]. The research, which evaluated 25 domains associated with the event in February 2026, highlights a concerning vulnerability in the digital infrastructure supporting one of the world’s most lucrative sporting spectacles [2].
The Threat to Fintech and the Digital Economy
Cybercriminals are increasingly adept at capitalising on the immense global interest surrounding major sporting events, deploying sophisticated social engineering scams that target fans [1][2]. Loïc Guézo, Proofpoint’s cybersecurity strategy director for Southern Europe, notes that the anticipation surrounding the World Cup generates a surge in digital transactions, from travel bookings and ticketing to merchandise sales [2]. This highly digitalised commercial environment creates lucrative opportunities for bad actors to impersonate trusted brands [2]. Without robust DMARC enforcement, fraudsters can easily deceive individuals into sharing sensitive personal data or authorising fraudulent payments through fintech platforms [2]. Consequently, security experts strongly advise fans to purchase tickets directly from FIFA and remain vigilant against unsolicited communications [2].