‘Many are still leaving the door open’: Security experts warn FIFA World Cup partners could be putting customers at risk of email attacks

- Proofpoint warns that 36% of FIFA World Cup partners lack strong DMARC protections.
- Weak email security exposes fans and sponsors to identity theft and fraud.
- Only 64% have a “reject” policy, meaning many remain vulnerable to identity theft.

As the 2026 FIFA World Cup approaches, cybercriminals will undoubtedly look to capitalize on the interest with identity theft, scams and electronic fraud. Security researchers at Proofpoint noted that attackers wouldn’t have trouble achieving this, as many World Cup partners don’t do enough to protect their online identities.
In a research report shared with TechRadar Pro, Proofpoint said that more than a third (36%) of official sponsors, vendors, partners and supporters lack the necessary email security measures to help them defend against domain spoofing.
“This may put fans, customers, and partners at increased risk of email fraud impersonating trusted brands,” the researchers said.
What is DMARC?
The company analyzed the level of adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) among sponsors' domains.
DMARC is an email authentication protocol that helps domain owners prevent attackers from spoofing their domain. It works by checking SPF and DKIM results and telling receiving email servers what to do if an email fails these checks, such as delivering it, quarantining it, or rejecting it. By implementing DMARC, organizations can define what action should be applied to messages using their domain name.
Proofpoint analyzed 25 domains and found that 24 (96%) have published a DMARC record at a basic level, meaning most organizations have at least started implementing protections. While this is commendable, the researchers said only 16 (64%) actively protect their domain name with the strictest DMARC policy: rejection.
“This means that more than a third (36%) are not yet proactively blocking fraudulent emails that attempt to impersonate their brand,” Proofpoint concluded.
Additionally, eight domains (32%) have DMARC set to monitoring mode or partial enforcement, which lets businesses see what’s happening but does not stop spoofed emails in their tracks.
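The policy levels described above can be checked from a domain's published DMARC TXT record (served at `_dmarc.<domain>`). The following is an added example, not code from Proofpoint or the original article: it parses record strings and sorts them into the same buckets the report uses. The sample domains and records are constructed, the function names are hypothetical, and treating `quarantine` or a `pct` below 100 as "partial enforcement" is an assumption about how the report grouped them.

```python
from collections import Counter

# Constructed sample records for placeholder domains (not from the report).
SAMPLE = {
    "sponsor-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@sponsor-a.example",
    "sponsor-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@sponsor-b.example",
    "sponsor-c.example": "v=DMARC1; p=quarantine; pct=50",
    "sponsor-d.example": "v=DMARC1; p=reject; pct=25",
    "sponsor-e.example": None,            # nothing published at _dmarc
    "sponsor-f.example": "v=spf1 -all",   # an SPF record, not DMARC
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.setdefault(name.strip().lower(), value.strip())
    # RFC 7489: the first tag must be v, with the exact value DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    return tags

def classify(txt):
    """Map one record (None when nothing is published) to an enforcement level."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no record"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100  # pct defaults to 100 when absent
    if policy == "none":
        return "monitoring"
    # Assumption: quarantine, or any policy applied to under 100% of mail,
    # counts as partial enforcement; only a full reject blocks spoofed mail.
    if policy == "reject" and pct >= 100:
        return "reject"
    return "partial enforcement"

def summarize(records):
    """Count how many domains fall into each enforcement level."""
    return dict(Counter(classify(txt) for txt in records.values()))

if __name__ == "__main__":
    for domain, txt in SAMPLE.items():
        print(f"{domain:20} {classify(txt)}")
    print(summarize(SAMPLE))
```

Note that a `p=reject` record with a reduced `pct` is reported as partial enforcement, since receivers are asked to apply the policy to only a share of failing mail.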





