
Report reflects the greatest rise in sports-or-entertainment-themed phishing attacks ever found in the Hoxhunt data
MINNEAPOLIS, July 9, 2026 /PRNewswire/ -- Hoxhunt, the leading Human Risk Management platform, today released the Hoxhunt 2026 FIFA World Cup Phishing Report, revealing a nearly 500% increase in FIFA World Cup 2026-themed phishing attacks from April to June 2026.
Attackers are increasingly exploiting major global entertainment and sporting events as temporal phishing lures for employees, blending malicious messages into the rising volume of legitimate marketing, recruitment, sponsorship, and promotional communications surrounding the World Cup.
Key findings from the report reveal:
Uptick in Phishing Reports from February Through May
- Attackers capitalized on kick-off: Sharpest spike in phishing activity aligned with World Cup kick-off. Low but consistent campaign activity was observed as early as February, with volume accelerating sharply from May onward.
- Increase in FIFA World Cup-themed phishing: Hoxhunt analysis revealed a nearly 500% increase in FIFA World Cup 2026-themed phishing attacks from April to June 2026.
Characteristics of the Dominant Malicious Campaign Types
- Fake FIFA recruitment lures targeting marketing professionals: One dominant campaign type impersonated FIFA World Cup-related recruitment outreach. These messages posed as marketing or event-related job opportunities and were targeted more heavily toward marketing professionals.
- Coca-Cola World Cup prize and bundle scams: The second dominant campaign type impersonated Coca-Cola's World Cup promotion activity. These messages used World Cup excitement and a fake loyalty or prize-bundle offer to lure recipients into clicking a malicious link.
Temporal Phishing Attacks Target Employees Around the Globe
- Widespread, global threat: World Cup 2026 is the most-spoofed entertainment or sporting event ever recorded by Hoxhunt data in phishing campaigns targeting employees. Reported FIFA-themed threats were distributed evenly across regions at a global level.
- Severity of seasonal phishing attacks: Temporal phishing attacks, like these World Cup attacks, according to Hoxhunt phishing simulation data, are 42% more likely to draw clicks than non-temporal simulations.
"Security leaders should start thinking about the calendar the same way they think about the network perimeter," said Mika Aalto, Co-Founder and CEO at Hoxhunt. "With AI enabling localization and polished, multi-chain attacks, every major event now represents a potential spike in social engineering risk. When the threat feed and behavioral telemetry shows attackers hijacking the calendar, awareness and human risk management programs must adapt with it."
Methodology
Hoxhunt analyzed tens of millions of real threat reports submitted by 4M+ Hoxhunt users. For this research, threat data was queried and filtered for FIFA World Cup 2026-themed phishing attacks reported up through June 2026. Results were reviewed by a team of threat analysts to confirm relevance.
To view the report, please visit: https://hoxhunt.com/blog/world-cup-2026-phishing-attacks-surge-500
About Hoxhunt
Hoxhunt is a Human Risk Management platform that helps security leaders and employees join forces to prevent data breaches. Hoxhunt combines AI and behavioral science to consolidate signal data, take timely actions on risky activities, and gamify individualized micro-training experiences that people love. As employees learn to detect and report advanced phishing attacks, operations teams are equipped to respond fast and transform security culture with limited resources. Security leaders shine with outcome-driven metrics to document reduced cybersecurity risk.
Hoxhunt works with leading global companies such as Airbus, Uber, Monster Energy, Qualcomm, Docusign, Nokia, AES, Air Asia, and E.on, and partners with leading global cybersecurity companies such as Microsoft and Deloitte.
Media Contact
Christian Morley
ICR for Hoxhunt
[email protected]
SOURCE Hoxhunt
Share this article