The excitement surrounding the 2026 FIFA World Cup is being systematically exploited by organized cybercriminal networks, according to Professor Youssef Bentaleb, president of the Centre Marocain de Recherches Polytechniques et d’Innovation. In an interview with Le Matin Daily, Bentaleb warns that major sporting events generate ideal conditions for fraud: a vast pool of engaged users, time pressure that reduces vigilance, and a powerful emotional impulse to access matches at any cost. He describes the phenomenon as criminal marketing — prepared months in advance, deployed with professional precision at the moment of maximum public receptivity.
The dominant attack vectors are well established. Fraudulent streaming sites mimic legitimate platforms in every visual detail — official logos, authentic match schedules, fictional viewer counts — and ask users to create accounts or submit personal and banking data before any video content is displayed. Malicious mobile applications, which may circulate outside official stores or temporarily infiltrate them, replicate the interfaces of genuine services while requesting permissions that expose the device’s most sensitive functions. These include access to SMS messages, contacts, and accessibility services — technical capacities that can allow a malicious application to open a banking app, populate a transfer form, and submit it without the user’s awareness.
The risk extends to the WhatsApp ecosystem, which remains a primary communication channel in Morocco. A link shared by a contact carries implicit trust, dynamic cybercriminals have learned to exploit by seeding fraudulent links through compromised or deceived users within genuine social networks. Bentaleb notes that artificial intelligence has substantially raised the credibility threshold: today’s fraudulent interfaces are effectively free of the spelling errors and visual inconsistencies that once served as warning signals.
Two security mechanisms widely considered robust are also at risk. Bank authentication codes sent by SMS can be intercepted by applications with messaging permissions, neutralizing standard two-factor authentication. Biometric verification — fingerprints or facial recognition — can be solicited under a false pretext, such as accessing a streaming service, while in reality authorizing a financial transaction. These techniques are not hypothetical: they are actively deployed by known malware families including Anatsa, Cerberus, and Hook, which already target users across Africa and the Middle East.
Bentaleb emphasizes that no demographic group is immune, including technically skilled professionals who may receive targeted spear phishing attempts constructed from data harvested on professional social networks. The primary differentiator, he argues, is not technical literacy but sustained vigilance — knowing that the impulse to find a match stream quickly is precisely the psychological state cybercriminals design their campaigns to exploit. He identifies the promise of free access to rights-protected broadcasts, requests for excessive application permissions, and artificial urgency messages as the clearest warning signals, and directs Moroccan users wishing to report suspicious content to the DGSN’s e-blagh platform or the e-vigilance.ma portal.
