Hackers are convincing Meta’s AI support chatbot to let them take over other people’s accounts:
A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the target’s presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account.
[…]
On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed.
It’s not that easy. Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class. The real problem is that LLM chatbots are not trustworthy enough for this application.
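The weakness in the flow described above, as an added sketch that is not Meta's code and not part of the original post: a code sent to an address the requester supplies only proves that the requester controls that address. The hardened variant makes the decision inside the tool the chatbot calls instead of in the conversation; every class, function and address here is hypothetical.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    emails: set                 # contact addresses already on file
    password: str


class SupportTools:
    """Hypothetical backend tools a support chatbot may call (constructed)."""

    def __init__(self, accounts, hardened):
        self.accounts = {a.username: a for a in accounts}
        self.hardened = hardened
        self.mailboxes = {}     # address -> last code delivered there
        self.pending = {}       # username -> (address, code)

    def send_code(self, authenticated_as, username, address):
        """Send a one-time code for `username` to `address`."""
        acct = self.accounts[username]
        on_file = address in acct.emails
        is_owner = authenticated_as == username
        # Hardened rule, enforced in code rather than in the prompt: a code
        # for this account goes to a contact already on file, or to a new
        # address only when the logged-in owner is the one asking.
        if self.hardened and not (on_file or is_owner):
            return "refused"
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = (address, code)
        self.mailboxes[address] = code
        return "sent"

    def reset_password(self, username, code, new_password):
        """Reset the password if `code` matches the pending one."""
        address, expected = self.pending.get(username, (None, None))
        if expected is None or not secrets.compare_digest(code, expected):
            return "refused"
        del self.pending[username]          # codes are single use
        acct = self.accounts[username]
        acct.emails.add(address)
        acct.password = new_password
        return "reset"


def _fresh_tools(hardened):
    # Constructed account; the addresses are placeholders.
    return SupportTools([Account("victim", {"owner@example.com"}, "old")],
                        hardened)


def requester_with_own_mailbox(hardened):
    """Unauthenticated requester asks for the code at an address they
    control. Returns True if the account's password changed."""
    tools = _fresh_tools(hardened)
    addr = "requester@example.net"
    if tools.send_code(None, "victim", addr) == "sent":
        tools.reset_password("victim", tools.mailboxes[addr], "new")
    return tools.accounts["victim"].password != "old"


def owner_recovers(hardened):
    """Locked-out owner asks for the code at the address on file."""
    tools = _fresh_tools(hardened)
    addr = "owner@example.com"
    if tools.send_code(None, "victim", addr) == "sent":
        tools.reset_password("victim", tools.mailboxes[addr], "new")
    return tools.accounts["victim"].password == "new"


if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "weak",
              "| requester-supplied mailbox changes password:",
              requester_with_own_mailbox(mode),
              "| owner can still recover:", owner_recovers(mode))
```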
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section.
Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning about cryptography’s inability to secure modern networks, a point he says he has been trying to argue since 2000.
“For a while now, I’ve pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on.
“Recently, I talked to a former NSA employee at a conference. He told me that back in the 1990s, he had a copy of my book Applied Cryptography by his desk, as did many other cryptographers working at Ft. Meade. People were allowed to refer to it, but they were not allowed to cite it.
“The 1990s were an important decade for cryptography. This was before the internet went mass market, when cryptography was just emerging from a niche academic discipline to a mainstream engineering one. There wasn’t much that programmers could read. The NSA used my book for the same reason it became a bestseller: because it collected all the academic cryptography of the time in one place and made it understandable to people who weren’t mathematicians. They feared it for exactly the same reason.
“I’ve been thinking about that conversation as I revisit a 2010 essay I wrote for Dark Reading, ‘The Failure of Cryptography to Secure Modern Networks.’ Cryptography has inherent mathematical properties that greatly favor the defender. Adding a single bit to the length of a key adds only a slight amount of work for the defender but doubles the amount of work the attacker has to do. Doubling the key length doubles the amount of work the defender has to do (if that—I’m being approximate here) but increases the attacker’s workload exponentially. For many years, we have exploited that mathematical imbalance.
“Computer security is much more balanced. There’ll be a new attack, and a new defense, and a new attack, and a new defense. It’s an arms race between attacker and defender. And it’s a very fast arms race. New vulnerabilities are discovered all the time. The balance can tip from defender to attacker overnight, and back again the night after. Computer security defenses are inherently very fragile.
“That isn’t a new idea. I said much the same thing in the preface to my 2000 book, Secrets and Lies:
“‘Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, real security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.’
“I especially like how I phrased it in 2016: ‘Cryptography is harder than it looks, primarily because it looks like math. Both algorithms and protocols can be precisely defined and analyzed. This isn’t easy, and there’s a lot of insecure crypto out there, but we cryptographers have gotten pretty good at getting this part right. However, math has no agency; it can’t actually secure anything. For cryptography to work, it needs to be written in software, embedded in a larger software system, managed by an operating system, run on hardware, connected to a network, and configured and operated by users. Each of these steps brings with it difficulties and vulnerabilities.’
“It’s a lesson we have all learned over the decades. Cryptography is still necessary for cybersecurity—although I wouldn’t have used that word back then—but is not sufficient. There are particular attacks and forms of mass surveillance that cryptography prevents. But as computers have infused throughout our lives, and networks have connected all those computers, those aspects of cybersecurity have become increasingly important, and vulnerable.
“Today, the cybersecurity world is changing yet again, this time due to the capabilities of artificial intelligence. AI isn’t advancing cryptography, but it’s changing cybersecurity. AI has demonstrated a superhuman ability to find vulnerabilities in software and to write exploits. A similar ability to write patches is probably coming. This has profound implications for both attackers and defenders, and it is unclear who will win the particular arms race in a world of what I call instant software.”
An anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and forth.
McAfee Labs has discovered a massive, ongoing malware campaign called WeedHack that disguises itself as free Minecraft mods and game clients to infect players’ computers. Since January 2026, it has logged more than 116,000 victim infections, averaging 2,000 to 3,000 new hits every single day.
What makes WeedHack different from most malware is how cheap and easy it is to use.
Typically, a hacker would pay hundreds of dollars per month to access attack tools through underground criminal networks. WeedHack offers a free version to anyone with a Discord account and an internet connection. A premium upgrade, which includes the ability to secretly watch victims through their own webcam, starts at just $5 a month.
This low barrier has attracted a younger crowd of would-be attackers, many of whom appear to be teenagers or young adults. Our researchers were startled to discover teens using these tools not just for financial theft, but to harass and bully their peers, a pattern we’ve documented and that makes this campaign especially concerning.
The good news for McAfee users: Web Protection actively blocks the sites distributing WeedHack, and Threat Explainer tells you exactly why a flagged file is dangerous, so you’re never left guessing.
Key Facts at a Glance
| What | Details |
| --- | --- |
| Campaign name | WeedHack |
| Active since | January 2026 |
| Total victims logged | 116,464+ |
| New infections per day | ~2,000–3,000 |
| Malicious files discovered | 3,820+ unique files |
| Malicious download URLs | 240+ |
| Free tier available? | Yes. Anyone can sign up |
| Premium price | Starting at $5/month; $24.99 lifetime |
| Who is being targeted | Minecraft players worldwide |
| Most affected country | United States, followed by Germany, India, the UK, Italy, and others |
| What attackers can access | Once installed, it can steal passwords, hijack accounts, and, for paying customers, it can give the attacker live access to the victim’s screen, webcam, and files. |
| The financial impact | It can steal Discord tokens, crypto wallet credentials, Minecraft account credentials. Hackers will hold your information for ransom, requiring a large payment in exchange for your data. |
WeedHack is a Malware-as-a-Service (MaaS) campaign, meaning it’s a criminal business that sells hacking tools to customers, the same way a legitimate software company sells subscriptions.
The “product” is malware that gets secretly installed on a victim’s computer when they download what they think is a Minecraft mod or client. Once installed, it can steal passwords, hijack accounts, and, for paying customers, it can give the attacker live access to the victim’s screen, webcam, and files.
The campaign operates a polished, professional-looking dashboard hosted openly on the internet (not the dark web). That dashboard lets customers track their victims, download stolen data, and launch remote access features, all from a browser.
What it looks like to buy a subscription from WeedHack.
The Cyberbullying Problem
One of the most disturbing findings from our investigation is how WeedHack is being used.
While monitoring the campaign’s Telegram channel, which had over 850 members during the time of our research, we observed that many customers appear to be teenagers and young adults, and a significant portion are using the remote access tools not for financial gain, but to harass and intimidate other players.
We observed attackers recording victims through their webcams without consent and sharing those recordings in the Telegram channel as trophies. Others used knowledge of victims’ IP addresses and system access to threaten them.
It’s important to note that, at the current time of publishing, the Telegram channel has been taken down, and no replacement channel has appeared. McAfee is continuing to monitor any new channels that may be established by the threat actors for further communication.
Still, what we observed is a form of cyberbullying with unusually invasive tools behind it. If you or your child has been contacted by someone online claiming they have hacked your computer, have your webcam footage, or know your IP address, take it seriously.
What to do if this happens:
Do not follow the attacker’s instructions; it makes things worse.
Tell a trusted adult immediately (parent, guardian, school counselor).
Contact your local law enforcement; this may constitute criminal conduct.
Do not engage with the attacker or attempt to negotiate.
The Telegram channel uncovered by McAfee.
How Do People Get Infected?
WeedHack spreads in two main ways, and the campaign even provides its customers with step-by-step tutorials on how to carry out both.
1. Fake YouTube Videos
Attackers create convincing YouTube videos reviewing or demonstrating Minecraft clients and mods.
The videos are well-produced, some include voiceover narration, and link to malicious download sites in the description and comments.
One video McAfee identified had over 7,500 views before being flagged. Comments are also sometimes planted by the attackers claiming the files are safe.
2. Fake Mod Websites
WeedHack instructs customers to build convincing-looking websites that mimic official Minecraft mod pages. These sites are deliberately designed to show up high in search engine results for popular mod names, a tactic called SEO poisoning.
Some fake sites include fake security warnings, Discord links, and GitHub references to appear legitimate. In one case, a site warned players to “only download from us,” while actively distributing malware.
Minecraft clients and mods specifically targeted include: Meteor Client, Radium Client, Wurst Client, LiquidBounce, Impact Client, Future Client, and others.
An example of a video hiding a malicious link in the description.
What Happens When You’re Infected?
Infection proceeds in four stages that run silently in the background after a victim opens the downloaded file.
Stage 1 – First Contact: The malicious file launches quietly (without showing a console window), connects to a hidden network, and phones home to receive further instructions. It uses a sophisticated technique involving the Ethereum blockchain to locate its command server in a way that’s difficult to block or take down.
Stage 2 – Taking Hold: The malware disables Windows Defender protections, gathers detailed information about the victim’s computer (processor, graphics card, RAM, operating system), and takes a screenshot of their screen. It then steals Discord tokens and browser passwords and cookies. For McAfee users, this is where Web Protection would prevent users from visiting the site, and where our Antivirus would prevent any downloaded malware from taking hold.
Stage 3 – Digging In: The malware installs itself so that it automatically restarts every time the victim logs into their computer. It sets up a hidden scheduled task that runs continuously, even at the highest system privileges.
Stage 4 – Full Access: For premium customers, an additional component is installed that connects the attacker to the victim’s computer in real time. This includes live screen sharing with keyboard and mouse control, webcam access, keylogging (recording every keystroke), a reverse shell (full command-line access to the computer), and the ability to upload or download any files.
A separate component specifically hunts for Telegram credentials and cryptocurrency wallets, sending that data to a different server every five minutes.
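For responders checking a machine for the Stage 3 persistence described above, the following added example (not McAfee's detection logic) triages Task Scheduler XML, such as the output of `schtasks /query /tn <name> /xml`, for the traits the write-up lists: hidden, highest privileges, logon or repeating trigger, and a JAR launch. The sample tasks, paths and the scoring threshold are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
JAVA_LAUNCH = re.compile(r"\bjavaw?(\.exe)?\b", re.I)
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|downloads)\\|%(appdata|localappdata|temp)%", re.I)
# Traits the write-up attributes to the persistence task.
STEALTH = {"hidden", "highest-privileges", "logon-trigger", "repeats"}

TASK_OPEN = '<Task version="1.2" xmlns="%s">' % NS["t"]

# Constructed samples: every name and path below is a placeholder.
SUSPECT_TASK = TASK_OPEN + r"""
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <TimeTrigger>
      <Repetition><Interval>PT1M</Interval></Repetition>
      <StartBoundary>2026-01-01T00:00:00</StartBoundary>
    </TimeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal>
  </Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>javaw.exe</Command>
      <Arguments>-jar "%APPDATA%\example\helper.jar"</Arguments>
    </Exec>
  </Actions>
</Task>"""

LAUNCHER_TASK = TASK_OPEN + r"""
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals>
    <Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal>
  </Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files\ExampleLauncher\bin\javaw.exe</Command>
      <Arguments>-jar "C:\Program Files\ExampleLauncher\launcher.jar"</Arguments>
    </Exec>
  </Actions>
</Task>"""

BENIGN_TASK = TASK_OPEN + r"""
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2026-01-01T09:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal>
  </Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\ExampleVendor\updater.exe</Command></Exec>
  </Actions>
</Task>"""


def _text(node, path):
    found = node.find(path, NS)
    return (found.text or "").strip() if found is not None else ""


def triage_task(xml_text):
    """Return the list of persistence traits present in one task definition."""
    root = ET.fromstring(xml_text)
    findings = []

    def add(tag):
        if tag not in findings:
            findings.append(tag)

    if _text(root, "t:Settings/t:Hidden").lower() == "true":
        add("hidden")
    if _text(root, "t:Principals/t:Principal/t:RunLevel") == "HighestAvailable":
        add("highest-privileges")
    if root.find("t:Triggers/t:LogonTrigger", NS) is not None:
        add("logon-trigger")
    if root.find("t:Triggers//t:Repetition/t:Interval", NS) is not None:
        add("repeats")
    for exe in root.findall("t:Actions/t:Exec", NS):
        cmdline = _text(exe, "t:Command") + " " + _text(exe, "t:Arguments")
        if JAVA_LAUNCH.search(cmdline) and ".jar" in cmdline.lower():
            add("launches-jar")
        if USER_WRITABLE.search(cmdline):
            add("user-writable-path")
    return findings


def is_suspicious(findings):
    # Assumed threshold: a JAR launch plus at least two stealth traits.
    return "launches-jar" in findings and len(STEALTH & set(findings)) >= 2


if __name__ == "__main__":
    for name in ("SUSPECT_TASK", "LAUNCHER_TASK", "BENIGN_TASK"):
        found = triage_task(globals()[name])
        print(name, found, "REVIEW" if is_suspicious(found) else "ok")
```

A launcher that legitimately starts a JAR at logon is reported but not escalated, which keeps the check usable on machines where Minecraft is installed on purpose.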
Minecraft’s mod ecosystem is enormous and largely unregulated. Kids routinely search YouTube and Google for performance-boosting clients, cosmetic mods, and gameplay cheats, exactly the kinds of things WeedHack exploits.
Here’s a practical guide for families:
| Red Flag | Safe Practice |
| --- | --- |
| The mod isn’t on the developer’s official website | Only download from CurseForge, Modrinth, or the mod’s verified GitHub |
| A site or video tells you to disable your antivirus to run the file | Never disable antivirus for a game mod. Legitimate mods don’t ask you to |
| A site you’ve never heard of claims to be the “only official” source | If you can’t verify the site is official, don’t download from it |
| Download links are in YouTube comment sections | Treat comment section links as a red flag, always |
| Your antivirus flags a file as malware, but they try to tell you to ignore it, it’s a “false alarm” | Use McAfee’s Threat Explainer to find out why this is malicious. Don’t disable antivirus |
One of the best ways parents can protect their families is with McAfee’s award-winning antivirus and Web Protection, which are specifically designed to detect threats like WeedHack and help block malicious downloads before a device can be compromised.
Are McAfee Users Protected?
McAfee has been actively tracking WeedHack samples and detects this threat under the following signatures:
Trojan:Win/Weedhack.AA through Trojan:Win/Weedhack.AE
McAfee provides multiple layers of protection against threats like WeedHack.
Web Protection helps block access to malicious websites distributing infected Minecraft mods, stopping the threat before a file is ever downloaded.
Award-winning antivirus detects and blocks malware if a malicious file does make it onto your device.
Threat Explainer shows exactly why a file was flagged, helping users understand what happened and avoid similar scams in the future.
Together, these protections help proactively block risky downloads, reactively stop malware, and explain what to watch for next.
McAfee Labs continues to monitor WeedHack and will update coverage as new samples and domains are identified. For the full technical report including indicators of compromise, see the McAfee Labs analysis.
Key Terms Explained
| Term | What it means |
| --- | --- |
| Malware-as-a-Service (MaaS) | A criminal business model where hackers sell or rent attack tools to other people, just like a software subscription |
| RAT (Remote Access Trojan) | Malware that gives an attacker remote control over a victim’s device — screen, files, camera, and more |
| Infostealer | Malware designed to silently collect and transmit passwords, cookies, and account credentials |
| SEO Poisoning | Manipulating search engine results so a malicious website appears near the top when someone searches for a legitimate product |
| Minecraft Client/Mod | Third-party software that modifies or enhances the Minecraft game experience. Legitimate ones are common; WeedHack fakes them |
| Minecraft Session ID | A token that proves you’re logged into Minecraft. Stealing it lets an attacker take over your account without your password |
| Keylogger | Software that secretly records every key a person types — including passwords, messages, and search queries |
| Reverse Shell | A connection from the victim’s computer back to the attacker that gives the attacker full command-line control |
| EtherHiding | A technique that hides a malware’s server address inside the Ethereum blockchain, making it very difficult to block |
| Discord Token | A credential that lets someone access your Discord account. Stealing it gives attackers full access without needing your password |
Minecraft is a 2011 sandbox game developed and published by Mojang Studios. It is the best-selling video game in the world and has sold over 350 million copies worldwide. Its popularity has spanned over a decade due to its versatile gameplay, offering multiple game modes, including one of the most memorable Story Modes in gaming history.
It allows players to create and host multiplayer servers with a variety of gameplay options and offers a wide range of custom launchers, game mods, and cheats to choose from.
Its massive popularity and widespread use of third-party tools have also given rise to a dark side of the Minecraft ecosystem, which is filled with Remote Access Trojans (RATs), credential stealers, keyloggers and other malware threats.
McAfee Labs has recently uncovered a colossal Minecraft-focused Malware-as-a-Service (MaaS) campaign named ‘Weedhack’, that allows threat actors to remotely access and manipulate the victims’ screen, webcam and file system through a dashboard hosted on the clear net, making it easily accessible to anyone with a Discord account and an internet connection.
Key Findings
‘Weedhack’ has been active since January 2026 and masquerades as genuine Minecraft clients and mods to infect users.
We’ve discovered over 3,820 unique malicious JAR files that are part of this attack and over 240 URLs responsible for distributing this malware.
This campaign utilizes SEO poisoning and YouTube to generate traffic to these malicious URLs. We also found two YouTube channels and multiple videos that demonstrate Minecraft Mods and Clients and redirect viewers to these URLs.
The campaign has accumulated a total of 116,464 hits, averaging approximately 2,000 to 3,000 hits per day.
The campaign provides an enterprise-grade dashboard that allows customers to view stolen credentials and system information, download the payload, configure notifications, access tutorials, and remotely monitor their victims.
This campaign deploys EtherHiding, a technique that uses Ethereum blockchain to fetch its latest C2 domain. The responses are RSA-signed and verified before execution, helping protect the network from campaign takeover attempts.
We’ve uncovered 10 domains that host the next stage payloads and host the malware dashboard for the Weedhack campaign.
We’ve identified 11 domains that hosted similar MaaS campaigns in the past, orchestrated by the same threat actor.
We’ve unearthed the threat actor’s Telegram account and uncovered a Telegram channel for customers, with over 850 members, as of writing this blog.
This campaign offers two service tiers: free and premium.
The free tier includes a comprehensive infostealer capable of targeting Minecraft session IDs and four Minecraft launchers, collecting system information, and stealing cookies and passwords from 36 different browsers. It also targets 56 browser-based crypto wallets and 12 desktop crypto wallets, along with Discord, Steam, and Telegram credentials. It can search for files using 24 different keywords and includes screenshot capture capabilities.
For premium users, with subscriptions starting at $5 per month, it offers additional remote-access capabilities such as webcam access, keylogging, reverse shell execution, screen sharing with keyboard and mouse access, and file management features for uploading and downloading files.
While monitoring the Telegram channel, we found that WeedHack malware is a major catalyst for cyberbullying. Many of its customers appear to be teenagers and young adults and are using remote access capabilities to threaten, harass and monitor their victims, who are around the same age.
Whether you’re planning a once-in-a-lifetime trip or just hoping to catch a match while it’s in your city, the 2026 FIFA World Cup is already driving a surge in ticket searches, travel bookings, and last-minute plans.
But where there’s high demand and big money, scammers aren’t far behind.
New McAfee Research Finds a Gap Between Awareness and Risk
New research from McAfee shows that while most fans are aware of World Cup-related scams, many are still willing to take risks to secure tickets.
In fact, 40% say they would consider buying from an unofficial source if they can’t get tickets through the official FIFA site, as many expect tickets to sell out and hope to find affordable resale options.
That tension is what makes events like the World Cup especially vulnerable for scams.
With limited ticket availability, rising prices, and the pressure to act quickly, even informed fans can find themselves making decisions they normally wouldn’t, like buying tickets from a reseller on TikTok.
And scammers are counting on it.
Survey takeaways:
76% of fans are interested in getting World Cup tickets
35% have already started searching online
43% are willing to spend over $500 on tickets
66% say they’re aware of World Cup-related scams
66% say they’re concerned about being scammed
40% would consider buying tickets from unofficial sources
The Most Common World Cup Scams to Watch For
Below is a comprehensive breakdown of the most common scams tied to major global sporting events like the World Cup, including how they work and what to look for.
McAfee’s Scam Detector, Safe Browsing tools, VPN, and Password Manager work together to help you spot scams like these as they happen by flagging suspicious messages, blocking risky websites, and helping you make safer decisions before you click, pay, or share information.
| Scam Type | What It Is | How It Works | Red Flags |
| --- | --- | --- | --- |
| Fake Ticket Resale Scam | Fraudulent tickets sold through unofficial sites or individuals | Scammers create fake listings or duplicate real tickets and sell them to multiple buyers | Prices far below or above market, refusal to use official transfer systems, pressure to act fast |
| Social Media Ticket Scam | Tickets sold through platforms like Instagram, Facebook, TikTok, or X | Fake or hacked accounts post “last-minute” ticket offers and move conversations to DMs | Urgent language (“only 2 left”), new or suspicious profiles, requests to pay outside the platform |
| Duplicate QR Code Scam | One legitimate ticket is resold multiple times | Multiple buyers receive the same QR code, but only the first scan works | Screenshots instead of official transfers, identical tickets sold repeatedly |
| Fake Ticket Website Scam | Websites designed to look like official ticket platforms | Victims enter payment info or purchase tickets that don’t exist | Slightly misspelled URLs, unfamiliar domains, lack of official branding verification |
| Travel & Accommodation Scam | Fake hotels, rentals, or travel packages | Listings appear legitimate but either don’t exist or are already booked | Prices that seem unusually low, requests for upfront payment, lack of verified reviews |
| Booking Impersonation Scam | Fraudsters pose as airlines, hotels, or booking platforms | Victims receive messages about “issues” with bookings and are asked to click links or provide info | Unexpected messages, requests for login or payment details, links that don’t match official sites |
| Public Wi-Fi & Phishing Scam | Data theft through unsecured networks while traveling | Scammers intercept data or create fake login portals on public Wi-Fi | Open networks with no password, login pages asking for unnecessary information |
| Fake Giveaway Scam | Promotions claiming free tickets or VIP access | Victims are asked to enter personal data, click links, or pay “processing fees” | “You’ve won” messages you didn’t enter, requests for payment to claim prizes |
| Betting & Prediction Scam | Fake betting tips or “guaranteed wins” tied to matches | Scammers sell fake predictions or direct users to malicious betting sites | Claims of guaranteed outcomes, requests for upfront payment, unfamiliar platforms |
| Merchandise Scam | Counterfeit World Cup gear sold online | Buyers receive low-quality or no product at all | Unverified sellers, poor site quality, deals that seem too good to be true |
How AI is Making These Scams More Convincing
Unfortunately, with the continued improvement of AI, these scams are becoming more convincing.
AI tools allow scammers to create:
More realistic websites and messages
Personalized outreach that feels legitimate
Fake endorsements, images, or promotions
That means traditional advice like “look for typos” is no longer enough on its own.
Today’s scams often look polished, professional, and believable.
The website above shows a scam operation detected by McAfee Labs. It has incredibly realistic seat-selection options and ticket-buying features. But it’s fake. Here you can see just how realistic the website looks. But these tickets are not actually for sale.
What “Official” Actually Means (and Why It Matters)
Use strong passwords and enable two-factor authentication. Consider a password manager like McAfee’s.
Verify before you buy
If something feels off, pause and check before sending money
What to Do If You Think You’ve Been Scammed
If you think you may have purchased a fraudulent ticket, clicked a suspicious link, or shared information with a scammer, acting quickly can help limit the impact.
Immediate steps to take
Stop communication immediately: Do not send additional money or information, even if the sender claims you need to “complete” a transaction. It’s also a good idea to take screenshots of messages in case the scammer disappears.
Contact your bank or payment provider: Report the transaction as soon as possible. Many institutions can help reverse charges or flag fraudulent activity if caught early.
Secure your accounts: Change passwords for any accounts that may be affected, especially email, banking, and ticketing platforms. Our password manager and free password generator help create unique passwords every time.
Enable two-factor authentication (2FA): Adding an extra layer of security can help prevent unauthorized access, even if your password was exposed.
Scan your device for threats: If you clicked a suspicious link or downloaded a file, run a security scan to check for malware or malicious software. Check out our free security scan.
Monitor for unusual activity: Keep an eye on financial accounts, email logins, and any services tied to your personal information. Our free WebAdvisor helps protect you from malware and phishing attempts while you surf.
The image above shows malicious apps masquerading as sports betting sites or promising unique World Cup coverage. But when users download, their devices are infected.
How McAfee Helps You Spot Scams in the Moment
McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app to help you stay safer while searching, clicking, and buying online.
Scam Detector helps flag suspicious texts, emails, and videos automatically, so you can spot a scam before it hits you and your wallet
Safe Browsing tools help block risky websites, alert you to phishing attempts, and guide you away from malicious links
VPN helps keep your connection private on public Wi-Fi, protecting your personal and payment information
Password Manager helps create and store strong, unique passwords to reduce the risk of account takeover
Identity Monitoring and Alerts notify you if your personal information appears where it shouldn’t, so you can quickly take steps to fix it
Personal info removal helps find and remove your personal info from data broker sites and close out old forgotten accounts
The World Cup isn’t just another event; it’s a moment when millions of people are making fast decisions involving real money, travel plans, and personal information.
What McAfee’s research makes clear is that the biggest risk isn’t a lack of awareness. Most fans already know scams exist. The risk is what happens next.
When tickets are scarce, prices are high, and the pressure to act is real, even informed consumers may take chances they normally wouldn’t. That’s where scammers succeed: not by tricking people who aren’t paying attention, but by catching people in moments of urgency.
As demand continues to build toward the tournament, more fans will be searching, comparing, and purchasing online.
The takeaway is simple: Staying safe isn’t just about knowing scams exist. It’s about slowing down, verifying before you buy, and using tools that help you make informed decisions in the moment.
*McAfee is not affiliated with or endorsed by FIFA.
Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes decades of accumulated technical debt created by a software industry that prioritized rapid deployment over secure-by-design engineering practices. Drawing on the evolution of software assurance, vulnerability disclosure frameworks, and U.S. cyber policy, this perspective argues that the current moment represents a strategic inflection point for governments, industry, and critical infrastructure operators. The author examines the growing tension between offensive and defensive equities in cyberspace, the emergence of AI-enabled vulnerability discovery capabilities in both the U.S. and China, and the increasing risks posed by unsupported legacy systems and AI-assisted code generation practices. Responsible disclosure can no longer remain a reactive or fragmented process, but must become a coordinated national and international resilience effort involving governments, software vendors, infrastructure operators, and emergency response organizations. The article concludes with an urgent call for accelerated remediation, large-scale patch management coordination, and sustained investment in automated vulnerability repair capabilities before adversaries exploit this rapidly narrowing window of opportunity.
Whether you’re planning a once-in-a-lifetime trip or just hoping to catch a match while it’s in your city, the 2026 FIFA World Cup is already driving a surge in ticket searches, travel bookings, and last-minute plans.
But where there’s high demand and big money, scammers aren’t far behind.
New McAfee Research Finds a Gap Between Awareness and Risk
New research from McAfee shows that while most fans are aware of World Cup-related scams, many are still willing to take risks to secure tickets.
In fact, 40% say they would consider buying from an unofficial source if they can’t get tickets through the official FIFA site, as many expect tickets to sell out and hope to find affordable resale options.
That tension is what makes events like the World Cup especially vulnerable for scams.
With limited ticket availability, rising prices, and the pressure to act quickly, even informed fans can find themselves making decisions they normally wouldn’t, like buying tickets from a reseller on TikTok.
And scammers are counting on it.
Survey takeaways:
76% of fans are interested in getting World Cup tickets
35% have already started searching online
43% are willing to spend over $500 on tickets
66% say they’re aware of World Cup-related scams
66% say they’re concerned about being scammed
40% would consider buying tickets from unofficial sources
The Most Common World Cup Scams to Watch For
Below is a comprehensive breakdown of the most common scams tied to major global sporting events like the World Cup, including how they work and what to look for.
McAfee’s Scam Detector, Safe Browsing tools, VPN, and Password Manager work together to help you spot scams like these as they happen by flagging suspicious messages, blocking risky websites, and helping you make safer decisions before you click, pay, or share information.
| Scam Type | What It Is | How It Works | Red Flags |
| --- | --- | --- | --- |
| Fake Ticket Resale Scam | Fraudulent tickets sold through unofficial sites or individuals | Scammers create fake listings or duplicate real tickets and sell them to multiple buyers | Prices far below or above market, refusal to use official transfer systems, pressure to act fast |
| Social Media Ticket Scam | Tickets sold through platforms like Instagram, Facebook, TikTok, or X | Fake or hacked accounts post “last-minute” ticket offers and move conversations to DMs | Urgent language (“only 2 left”), new or suspicious profiles, requests to pay outside the platform |
| Duplicate QR Code Scam | One legitimate ticket is resold multiple times | Multiple buyers receive the same QR code, but only the first scan works | Screenshots instead of official transfers, identical tickets sold repeatedly |
| Fake Ticket Website Scam | Websites designed to look like official ticket platforms | Victims enter payment info or purchase tickets that don’t exist | Slightly misspelled URLs, unfamiliar domains, lack of official branding verification |
| Travel & Accommodation Scam | Fake hotels, rentals, or travel packages | Listings appear legitimate but either don’t exist or are already booked | Prices that seem unusually low, requests for upfront payment, lack of verified reviews |
| Booking Impersonation Scam | Fraudsters pose as airlines, hotels, or booking platforms | Victims receive messages about “issues” with bookings and are asked to click links or provide info | Unexpected messages, requests for login or payment details, links that don’t match official sites |
| Public Wi-Fi & Phishing Scam | Data theft through unsecured networks while traveling | Scammers intercept data or create fake login portals on public Wi-Fi | Open networks with no password, login pages asking for unnecessary information |
| Fake Giveaway Scam | Promotions claiming free tickets or VIP access | Victims are asked to enter personal data, click links, or pay “processing fees” | “You’ve won” messages you didn’t enter, requests for payment to claim prizes |
| Betting & Prediction Scam | Fake betting tips or “guaranteed wins” tied to matches | Scammers sell fake predictions or direct users to malicious betting sites | Claims of guaranteed outcomes, requests for upfront payment, unfamiliar platforms |
| Merchandise Scam | Counterfeit World Cup gear sold online | Buyers receive low-quality or no product at all | Unverified sellers, poor site quality, deals that seem too good to be true |
How AI is Making These Scams More Convincing
Unfortunately, with the continued improvement of AI, these scams are becoming more convincing.
AI tools allow scammers to create:
More realistic websites and messages
Personalized outreach that feels legitimate
Fake endorsements, images, or promotions
That means traditional advice like “look for typos” is no longer enough on its own.
Today’s scams often look polished, professional, and believable.
The website above shows a scam operation detected by McAfee Labs. It has incredibly realistic seat-selection options and ticket-buying features. But it’s fake.
Here you can see just how realistic the website looks. But these tickets are not actually for sale.
What “Official” Actually Means (and Why It Matters)
Use strong passwords and enable two-factor authentication. Consider a password manager like McAfee’s.
Verify before you buy
If something feels off, pause and check before sending money
What to Do If You Think You’ve Been Scammed
If you think you may have purchased a fraudulent ticket, clicked a suspicious link, or shared information with a scammer, acting quickly can help limit the impact.
Immediate steps to take
Stop communication immediately: Do not send additional money or information, even if the sender claims you need to “complete” a transaction. It’s also a good idea to take screenshots of messages in case the scammer disappears.
Contact your bank or payment provider: Report the transaction as soon as possible. Many institutions can help reverse charges or flag fraudulent activity if caught early.
Secure your accounts: Change passwords for any accounts that may be affected, especially email, banking, and ticketing platforms. Our password manager and free password generator help create unique passwords every time.
Enable two-factor authentication (2FA): Adding an extra layer of security can help prevent unauthorized access, even if your password was exposed.
Scan your device for threats: If you clicked a suspicious link or downloaded a file, run a security scan to check for malware or malicious software. Check out our free security scan.
Monitor for unusual activity: Keep an eye on financial accounts, email logins, and any services tied to your personal information. Our free WebAdvisor helps protect you from malware and phishing attempts while you surf.
The image above shows malicious apps masquerading as sports betting sites or promising unique World Cup coverage. But when users download, their devices are infected.
How McAfee Helps You Spot Scams in the Moment
McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app to help you stay safer while searching, clicking, and buying online.
Scam Detector helps flag suspicious texts, emails, and videos automatically, so you can spot a scam before it hits you and your wallet
Safe Browsing tools help block risky websites, alert you to phishing attempts, and guide you away from malicious links
VPN helps keep your connection private on public Wi-Fi, protecting your personal and payment information
Password Manager helps create and store strong, unique passwords to reduce the risk of account takeover
Identity Monitoring and Alerts notify you if your personal information appears where it shouldn’t, so you can quickly take steps to fix it
Personal info removal helps find and remove your personal info from data broker sites and close out old forgotten accounts
The World Cup isn’t just another event; it’s a moment when millions of people are making fast decisions involving real money, travel plans, and personal information.
What McAfee’s research makes clear is that the biggest risk isn’t a lack of awareness. Most fans already know scams exist. The risk is what happens next.
When tickets are scarce, prices are high, and the pressure to act is real, even informed consumers may take chances they normally wouldn’t. That’s where scammers succeed: not by tricking people who aren’t paying attention, but by catching people in moments of urgency.
As demand continues to build toward the tournament, more fans will be searching, comparing, and purchasing online.
The takeaway is simple: Staying safe isn’t just about knowing scams exist. It’s about slowing down, verifying before you buy, and using tools that help you make informed decisions in the moment.
*McAfee is not affiliated with or endorsed by FIFA.
The Jacksonville Jaguars recently released a viral schedule announcement video that appeared to show their star quarterback, Trevor Lawrence, chopping off his signature long blond hair. The clip spread quickly online, pulling in nearly 4 million views on X and triggering reactions from fans, friends, and even Lawrence’s grandmother.
The catch? It wasn’t real.
The team later confirmed the moment was partially staged, partially AI-generated and part of the joke. Even Lawrence admitted the fake looked convincing.
And that’s exactly the problem.
What started as a harmless sports prank is also a reminder of how realistic AI-generated videos have become and how easily scammers can use the same technology to fool people online.
Why Deepfake Scams Are Growing Fast
Deepfake scams use artificial intelligence to clone someone’s face, voice, or likeness to create fake videos, ads, phone calls, or social media posts that appear real.
And increasingly, scammers are using celebrities, influencers, athletes, and trusted public figures to do it.
72% of Americans say they’ve seen fake celebrity or influencer endorsements online
39% say they’ve clicked on one
1 in 10 victims lost money or personal data
Average losses reached $525 per person
Why does it work? Because scammers know familiarity lowers our guard.
When people see a recognizable face, whether it’s Trevor Lawrence, Taylor Swift, Tom Hanks, or a favorite influencer, they’re more likely to trust what they’re seeing before stopping to question it.
From Funny Sports Videos to Real Financial Scams
The Jaguars video was meant as entertainment.
But scammers are already using the same technology for fraud.
McAfee researchers recently identified a growing wave of celebrity deepfake scams involving fake giveaways, investment schemes, romance scams, and fraudulent ads.
Some recent examples include:
Fake videos of TV personalities promoting “miracle” products
Usernames with extra characters or copied profile photos
Requests for money or personal data, especially through DMs, crypto links, gift cards, or wire transfers
How McAfee Helps Protect You
AI scams are evolving fast, but layered protection can help you stay ahead of them.
McAfee’s Scam Detector, included in all core McAfee plans, can help identify suspicious links, messages, videos, and deepfake-related scams across texts, email, and social platforms before you click.
Additional protections like Web Protection and Identity Monitoring can also help reduce your risk if scammers attempt to steal your credentials or personal information.
Other Scam News This Week
Charter Confirms Data Breach
Charter Communications confirmed a data breach tied to a third-party vendor, exposing customer information. Whenever breaches like this happen, scammers often follow up with phishing emails and fake customer support calls pretending to help affected users.
7-Eleven Data Breach Reports Surface
Reports surrounding a potential 7-Eleven data breach are circulating online. Consumers should stay alert for fake password reset emails, loyalty account phishing attempts, and scam texts impersonating retailers.
‘Tom Selleck’ Celebrity Scam Highlights Rise of AI Impersonation Fraud
A tragic case tied to an alleged Tom Selleck impersonation scam is drawing attention to the growing threat of celebrity AI fraud. Experts warn that scammers are increasingly using fake celebrity profiles, AI-generated messages, cloned voices, and deepfake videos to build trust with victims online, especially older adults.
The case underscores how emotionally manipulative and financially devastating these scams can become.
Hackers Are Exploiting AI Chatbot “Personalities”
Researchers told The Verge that attackers are beginning to manipulate chatbot behavior and personalities to trick users into unsafe actions, highlighting growing concerns around AI trust and social engineering.
Fake Inheritance Email Scams Are Getting More Convincing
A phishing scam making headlines this week uses fake inheritance notices and “unclaimed estate” emails to pressure victims into sharing personal information.
Unlike older scam emails full of spelling mistakes, newer versions look polished and professional, often using legal-sounding language, fake reference numbers, and urgent 48-hour deadlines designed to trigger panic before people stop to verify the message.
McAfee Safety Tips This Week
The next deepfake won’t always look fake. That’s what makes these scams dangerous.
Here are some practical, go-to tips:
Pause before clicking celebrity endorsements or viral videos
Verify accounts through official sources before trusting promotions
Never send money or personal data based on social media messages alone
Be skeptical of urgency, especially “limited time” threats
Use AI-powered scam protection tools to help identify suspicious content before you engage