According to Hoxhunt’s phishing simulation data, temporal phishing attacks are 42% more likely to draw clicks than non-temporal phishing simulations.
The company said those campaigns capitalize on periods when employees already expect unusual or time-sensitive communications. During tax season, for example, workers anticipate messages related to payroll, compliance or refunds. During the World Cup, they may expect emails about promotions, travel, sponsorships, recruiting, events, tickets or giveaways, making malicious messages appear more believable.
Aalto said organizations need to adjust their defenses to reflect this changing threat landscape.
“The World Cup is a preview of where social engineering is headed as attackers are learning to weaponize the calendar,” he said. “Tax season, sporting events, product launches, mergers, payroll cycles — every meaningful moment has become part of the attack surface. The organizations that adapt their training as quickly as attackers adapt their lures will stay ahead.”
Hoxhunt also reported that FIFA-themed phishing threats were distributed relatively evenly across global regions, suggesting attackers are casting a wide net rather than concentrating on specific geographies. By comparison, phishing campaigns tied to the Paris 2024 Olympics and Eurovision 2026 occurred at significantly lower volumes.
The findings align with other recent cybersecurity research focused on sports-related threats.
Zimperium zLabs recently reported a sharp increase in mobile-targeted phishing campaigns exploiting interest in the FIFA World Cup 2026. Separately, Darktrace found that 57% of professional sports organizations experienced multiple cyber incidents during the past 12 months. The cybersecurity company’s research also found that 72% of sports organizations believe AI will increase cyber risk over the next year as AI adoption expands across stadium operations, ticketing, fan engagement and business operations. Darktrace added that its sports-sector customers receive nearly 20% more phishing emails than organizations in other industries.
Identity risks extend beyond the initial click
Rex Booth, chief information security officer at SailPoint, said AI is making phishing campaigns increasingly difficult for users to distinguish from legitimate communications.
“The danger of many phishing schemes, like those during the 2026 FIFA World Cup, lies in their ability to grant attackers access to credentials, enabling them to pretend to be trusted insiders,” Booth said. “With AI now in play, these campaigns are becoming ever more sophisticated and difficult to spot. This makes it imperative for users to adopt robust identity security best practices, including changing passwords frequently and enabling multi-factor authentication, and for organizations to prioritize identity as the new control plane.”
Booth added that while many AI-assisted attacks still require human involvement, organizations should prepare for increasingly autonomous threats as artificial intelligence capabilities continue to evolve.
For defenders, Hoxhunt’s findings suggest that security awareness efforts should increasingly mirror the timing of current events. Rather than relying solely on generic phishing education, organizations may need to tailor employee training around major cultural, sporting and business events that attackers are likely to exploit. As the World Cup data illustrates, cybercriminals are increasingly aligning phishing campaigns with moments when legitimate communications are already expected, making those attacks more difficult for employees to recognize.