Search...

A phishing campaign related to the FIFA World Cup 2026 has been discovered

Cybersecurity investigations have identified a new phishing campaign conducted under the guise of FIFA World Cup 2026-related promotional giveaways. Threat actors are targeting corporate employees through highly personalized emails designed to deceive recipients into downloading malicious software.

According to available findings, the fraudulent emails claim that recipients are eligible to receive exclusive FIFA World Cup-themed T-shirts as part of an alleged partnership with their employer. Embedded links within these messages are intended to deliver a malware strain known as “Voidrift” to the victim’s device.

Analysis indicates that once a recipient interacts with the malicious link, threat actors may obtain initial access to the organization’s internal network. Such access can subsequently facilitate unauthorized monitoring of corporate activities, theft of sensitive information and compromise of critical user accounts.

 

posts/2026/07/BNaxXwB18w4dR4OSRxsStheCP3hCjsrRmFaeYDDj.png

 

One of the distinguishing characteristics of this campaign is its high degree of personalization. The phishing emails incorporate the recipient’s name, the organization’s name and corporate branding elements, significantly increasing their perceived legitimacy. This approach enhances the effectiveness of targeted social engineering techniques and raises the likelihood of user interaction with malicious content.

The phishing campaign has also been able to successfully bypass a number of widely used email security solutions. The malicious emails were delivered directly to users’ inboxes without being blocked by systems such as Cisco IronPort, Microsoft ATP and Abnormal Security. One of the primary reasons for this is that the “Voidrift” malware is distributed through legitimate web domains.

Once deployed on a system, the malware is optimized to operate covertly. “Voidrift” leaves minimal traces of its activity, making it more difficult for security teams to detect and respond to the infection in a timely manner. Researchers emphasize that traditional email security controls alone are insufficient to prevent campaigns of this nature.

The incident once again demonstrates how cybercriminals actively exploit globally recognized events and topics of widespread public interest for social engineering purposes. In particular, messages offering exclusive rewards or special opportunities are intended to influence users’ decision-making processes through psychological manipulation.

© 2011-2026 All rights reserved