惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Proofpoint News Feed

New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams Defending the Authentication Flow: Device Code Phishing with Selena Larson Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense | Proofpoint US OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses Suspected North Korean actors use fake ‘coding assignments’ to steal crypto China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era | Proofpoint US Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude | Proofpoint US Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America | Proofpoint US The spy who logged me in. - YouTube Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations | Proofpoint US The Most Powerful Women Of The Channel 2026: Power 100 AI Security Gaps Create New MSSP Opportunity: Proofpoint Claude Mythos Fears Startle Japan's Financial Services Sector Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place | Proofpoint US AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants Clear market trend for software providers to help with AI: Proofpoint CEO - YouTube Cargo thieving hackers running sophisticated remote access campaigns, researchers find Freight Hacker Wields Code-Signing Service to Evade Defenses - YouTube Microsoft 365 mailbox rules abused for exfiltration, persistence AI Security Risks: Proofpoint CSO Ryan Kalember, Live at RSAC 2026 Axios Future of Cybersecurity: Russians suspected of using iPhone spyware 15 Top Cybersecurity CEOs On The Future Of AI Agents: RSAC 2026 How AI Agents Are Redefining the Insider Risk Threat Model 5 Ways To Protect Enterprise Value During A Merger Or Acquisition CUBE Events 20 Coolest AI And Security Products At RSAC 2026 Proofpoint Redefines Email and Data Security for the Agentic Workspace | Proofpoint US Proofpoint Pursues FedRAMP High Authorization Process for Collaboration Security | Proofpoint US Proofpoint Unveils Industry’s Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents | Proofpoint US
FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud | Proofpoint US
2026-04-14 · via Proofpoint News Feed

Analysis by cybersecurity company Proofpoint reveals that while most partners have implemented baseline email authentication, many are still not proactively blocking fraudulent emails that impersonate their brands

Proofpoint, a leader in cybersecurity and compliance, today unveiled the results of a study showing that more than one-third (36%) of the official sponsors, suppliers, partners and supporters associated with the FIFA World Cup 2026, which takes place from the 11 June to 19 July 2026, do not have the necessary email security measures in place to help protect themselves from domain impersonation. This may expose fans, customers, and partners to an increased risk of email fraud that impersonates trusted brands.

Cybercriminals routinely seek to capitalize on major global sporting events by targeting fans with social engineering scams posing as sponsors, airlines, hospitality brands, delivery services, or consumer brands, using lookalike domains and spoofed email. In the run-up to a tournament that drives a huge surge in travel, ticketing interest, promotions, and merchandise activity, the wider ecosystem must be strengthened against email-borne threats, the primary attack vector for fraud.

To establish the current state of defenses against impersonation risk, Proofpoint analyzed the level of adoption of DMARC (Domain-based Message Authentication, Reporting and Conformance) across a list of World Cup sponsor domains.

DMARC, the first line of defense against email fraud

In recent years, Proofpoint has observed cybercriminals using a range of tactics to impersonate legitimate organizations to reach their target, rather than hacking into and infiltrating their victims’ networks and technical infrastructure.

DMARC is an email authentication protocol designed to protect domain names from misuse by cybercriminals. It authenticates the identity of the sender before allowing a message to reach its destination. DMARC has three levels of protection: monitoring, quarantine, and reject; rejection being the safest way to prevent suspicious messages from reaching the inbox.

Implementing DMARC allows an organization to define what treatment should be applied to email messages using its domain name, as well as the policy to be applied in case of failure during verification: accept the email message (p=none, where p here stands for policy), categorize it as spam (p=quarantine), or delete it (p=reject).

Key research findings include:

The domain names that make up the FIFA World Cup 2026 sponsors, partners, suppliers and partners ecosystem were analyzed, with the following findings:

  • Out of the 25 domains analyzed, 24 (96%) have published a DMARC record at a basic level, indicating most organizations have begun implementing protections against email domain impersonation.
  • However, only 16 of the 25 domains (64%) actively protect their domain name with the strongest DMARC “reject” policy, the setting that prevents unauthenticated, spoofed emails from being delivered. 
  • This means more than one-third (36%) are not yet proactively blocking fraudulent emails that attempt to impersonate their brand.
  • Eight domains (32%) have DMARC set to monitoring mode or a partial enforcement posture, which provides visibility but does not stop spoofed emails from reaching inboxes.

Matt Cooke, EMEA Cybersecurity Strategist at Proofpoint, said: “Major events like the FIFA World Cup naturally generate huge excitement - from travel plans and ticket purchases to special offers and merchandise. Unfortunately, that also creates opportunities for scammers to take advantage of fans. While it’s encouraging that many partner brands have taken steps to improve their email security, too many are still leaving the door open to fraudulent messages. Without stronger protections in place, it becomes easier for criminals to impersonate trusted brands and trick people into sharing personal details or making payments for fake offers.”

Fans should be especially cautious in the run-up to the tournament and keep the following recommendations in mind:

  • The safest way to buy tickets is directly from FIFA, which does have a full DMARC 'reject' policy in place.
  • Be wary of unsolicited emails, texts, or calls - especially those urging urgent action or immediate payment.
  • Never share financial information or passwords via email or text message; if in doubt, contact the organization using official channels.
  • Use a unique password for each account and enable multi-factor authentication (MFA) where possible.

Learn more about DMARC visit: https://www.proofpoint.com/us/threat-reference/dmarc

###

Methodology:

To assess the level of DMARC adoption among the official sponsors of the FIFA World Cup 2026, Proofpoint conducted an analysis of the primary corporate domains of each organization listed on the FIFA website, along with Sports Business Journal. FIFA has a full DMARC “reject” policy in place. The analysis was carried out in February 2026.

About Proofpoint, Inc.

Proofpoint, Inc. is a global leader in human- and agent-centric cybersecurity, securing how people, data, and AI agents connect across email, cloud, and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100, over 10,000 large enterprises, and millions of smaller organisations in stopping threats, preventing data loss, and building resilience across people and AI workflows. Proofpoint’s collaboration and data security platform helps organisations of all sizes protect and empower their people while embracing AI securely and confidently.  Learn more at www.proofpoint.com.


Connect with Proofpoint on LinkedIn

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.