TL;DR: Travel fraud targeting airline bookings rises during the 2026 FIFA World Cup, with fake booking sites, airline impersonation, and social messaging scams exploiting urgency and scarcity, according to Riskified. The pattern shows why identity verification, channel trust, and fraud controls must work together when travel demand spikes.
NHIMG editorial — based on content published by Riskified: World Cup travel fraud awareness and the #TogetherAgainstCyberfraud campaign
By the numbers:
- During the 2022 FIFA World Cup in Qatar, cybersecurity researchers reported hundreds of millions of attempts to access fraudulent travel-related websites.
Questions worth separating out
Q: How should security teams reduce travel booking fraud during major events?
A: Security teams should combine verified-channel controls, impersonation monitoring, and event-aware risk scoring.
Q: Why does travel fraud increase around major sporting events?
A: Fraud increases because attackers exploit urgency, scarcity, and heightened intent.
Q: What do teams get wrong about fake booking websites?
A: Teams often treat fake booking sites as a simple web abuse problem, when they are really a trust and identity problem.
Practitioner guidance
- Strengthen verified-channel controls Require customers to reach booking and payment pages through official airline domains, verified apps, or regulated agencies, and monitor for lookalike domains and impersonation campaigns.
- Tune fraud models for event surges Adjust risk thresholds during major events so urgency, scarcity, and rapid conversion patterns are treated as risk signals rather than normal high-intent behaviour.
- Share trust signals across fraud and identity teams Connect brand monitoring, domain abuse telemetry, customer support alerts, and payment fraud signals so a fake booking campaign can be blocked across channels.
What's in the full analysis
Riskified's full article covers the campaign detail this post intentionally leaves for the source:
- The cross-industry awareness effort behind #TogetherAgainstCyberfraud and how aviation stakeholders are coordinating messaging.
- The specific traveller guidance used to distinguish official airline sites, verified applications, and regulated travel agencies.
- The campaign context around why major sporting events create unusually fertile conditions for impersonation and booking fraud.
- The full source references the 2022 World Cup fraud volume that illustrates how large the attack surface becomes during global events.
👉 Read Riskified's report on World Cup travel fraud and verified booking channels →
World Cup travel fraud - what should identity and fraud teams do?
Explore further
Digital trust is now a control surface, not a branding concern. Travel fraud succeeds when users cannot reliably distinguish official channels from convincing copies. That means identity verification, domain reputation, and communication authenticity must be treated as operational controls, not marketing hygiene. For practitioners, the boundary between fraud and identity governance is where prevention now has to live.
A question worth separating out:
Q: Who is accountable when travel fraud slips through official and unofficial channels?
A: Accountability usually sits across fraud, digital identity, brand protection, and customer operations. If official channels are not clearly verifiable, or if warnings are placed too late in the journey, the organisation has a governance gap. Regulators and industry bodies increasingly expect clear channel-authentication practices and consumer protection controls.
👉 Read our full editorial: World Cup travel fraud is exposing digital trust gaps in booking