Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing
Authored byKaryn DiMassa
Karyn DiMassa
Jump to:

A Chance of a Lifetime – Stolen

Diego had waited years for this moment. The 2026 World Cup was finally here, and for the first time ever he had both the time and money to attend in person. When he saw a post on social media offering "last-minute official tickets" to a sold-out match, he felt lucky. The seller claimed to work with an authorized distributor and even shared what looked like a confirmation email from the tournament organizers.

The price was high, but not outrageous. The seller warned him that tickets were "almost gone," and that several buyers were already interested. Not wanting to miss his chance, Diego transferred the money through an instant payment app.

The tickets never arrived. The seller's account disappeared. The website linked in the message was taken down within days. Diego didn't just lose money, he missed out on the chance to attend a once-in-a-lifetime event.

Why Major Sporting Events Attract Scammers

Global events like the World Cup create a perfect storm for scams. There is massive demand for tickets, travel, merchandise, and streaming access. People are excited, emotionally invested, and often acting quickly. The combination of urgency and emotion makes it easier for attackers to manipulate victims.

Criminals understand human behavior. They know that when something is scarce, people feel pressure to act fast. They know when millions of people are searching online for the same thing, fake websites and phishing messages can easily blend in. Attackers consistently exploit urgency, fear, and excitement to push people into making quick decisions that lead to financial and personal losses.

What These Attacks Look Like

Fake Ticket Sales: Criminals create professional-looking websites or social media posts that appear legitimate. Some copy official branding and logos, while others purchase online advertisements so their fake sites appear at the top of search results. Victims pay for tickets that are never delivered, or they receive digital tickets that fail at the stadium entrance. Often, payment is requested through wire transfers, cryptocurrency, or peer-to-peer apps, which are difficult to reverse.

Urgent Messages: You receive emails or text messages claiming to be from tournament organizers, airlines, hotels, or streaming services. These messages often warn that your ticket purchase failed or that your booking will be canceled unless you confirm payment immediately. These messages are crafted to look urgent and legitimate to entice the buyer to act quickly without thinking logically. The link ultimately leads to a fake login page designed to steal your credentials. Just as with other scam campaigns, attackers rely heavily on urgency and the fear of losing access.

Streaming Scams: Criminals create fake platforms offering "free live coverage" of matches. To watch, you are asked to create an account and enter payment details. Instead of viewing the match, you may unknowingly install malware or have your financial information stolen.

Bad Merchandise: Even merchandise and giveaways become tools for exploitation. For example, fake contests can promise official jerseys or exclusive prizes in exchange for personal information. Counterfeit online stores can sell discounted gear but either ship low-quality fakes or nothing at all.

How to Protect Yourself

The good news is that these scams are preventable if you slow down and verify before acting. Only purchase tickets, travel, and merchandise from official partners or well-known vendors. Instead of clicking links in emails, social media posts, or other unverified media, type the official website address directly into your browser or use a trusted mobile app. Bookmark legitimate sites once verified so you return to the correct location each time.

Be especially cautious with any message that pressures you to act immediately. Scammers depend on speed. If you receive a warning about a canceled booking or failed payment, do not click the link. Instead, independently contact the company using verified contact information.

Finally, be wary of unusual payment methods. Requests for cryptocurrency, wire transfers, or gift cards should immediately raise concern. Legitimate vendors rarely require these forms of payment. In addition, major credit cards or well-known electronic payment systems like PayPal provide you with additional forms of purchase protection. Be cautious in your purchases and actions; cyber criminals thrive on rushing people into making mistakes.

Resources