W ith exorbitant ticket, travel. hotel prices making fans desperate to find an affordable way of attending this summer’s World Cup, it’s no surprise that security firms and law enforcement agencies are warning that fans are at significant risk of becoming fraud victims.
While major tournaments are moments of heightened vulnerability for supporters. players themselves are increasingly attractive year-round targets for cybercriminals who can use AI to mount ever more sophisticated attacks.
“As the sports industry reaches record revenue levels, the financial incentives to steal from athletes. profit illicitly has never been higher,” according to a recent report from the consultancy firm EY. “The playbook for fraudsters. organised crime is growing more complex every year, and the risks have multiplied at every level of sport.”
The classic way for rich athletes to become poor ones was for them to entrust their financial affairs to their agent or another member of their inner circle. These advisers would then make foolish or fraudulent decisions that went unnoticed until it was too late.
One recent example of such an abuse of trust is Ippei Mizuhara, the former interpreter. de facto manager for the Japanese baseball superstar Shohei Ohtani. In 2025 Mizuhara was sentenced to 57 months in federal prison for stealing about $17m from one of Ohtani’s bank accounts to repay gambling debts.
Darryl Cohen, a former investment adviser, was convicted in New York in March this year of defrauding three NBA players – Chandler Parsons, Courtney Lee. Jrue Holiday – out of more than $5m between approximately 2017 and 2020. The court was told about schemes that included persuading the players to buy life insurance policies at enormous mark-ups,. unauthorised money transfers that were purportedly donations to a non-profit organisation but instead were used to build what prosecutors termed a “state-of-the-art athletic gym” in the back yard of Cohen’s home.
Today’s digital landscape is generating novel dangers. “Athletes today are confronted with an expanding array of threats as perpetrators continually devise new ways to exploit their trust. relationships,” the EY report stated. “These risks include not only traditional fraudulent schemes – such as rigged poker tournaments, extortion, embezzlement, identity theft. misappropriation of earnings – but also newer forms of malfeasance, like sports betting fraud and unauthorised use of NIL [Name, Image and Likeness rights].”
Social media, long a tool enabling players to share their personal lives. better connect with fans, has warped into a security risk – for example, an athlete may share photos of their holiday, letting would-be burglars know when to break into their homes.
Media attention, readily-available biographical information. weak privacy protections in the US mean that anyone can quickly find a trove of personal details on almost any American collegiate or professional athlete: photographs, date and place of birth, size, weight, where they went to school and university, hobbies, income and family background. Even phone numbers, home and email addresses and social security numbers, which are often acquired from massive data breaches. In 2024 it was reported that ensitive records were leaked in a hack of a single US company.
It’s a virtual open goal for criminals using AI to make deepfakes – realistic fabricated audio, video. images – according to Dr Chris Pierson, the founder and CEO of BlackCloak, a cybersecurity company that provides protection for companies and individuals, including sports stars.
“What happens after everyone’s on the pitch? First thing they do is go down to the locker room, they give the interviews. all the rest, you have great high quality audio, you have great 4K video. You can go. do an impersonation attack, you can do a deepfake over the phone, you can call mom and dad,” he says.
College athletes have been allowed to monetise their NIL rights since 2021. creating a financial incentive to share their personal lives. “Their name, their likeness, all the rest is out there –. of course you want it to be … these people have to have social media profiles,” Pierson adds. “As a result of that you know what it is they’re thinking of. It increases that attack surface – as a result. you’re a better target.” Impersonations of beloved sports stars can be used to manipulate fans by tricking them into transferring money to scammers – or to victimise the players themselves.
A team may only have two-dozen senior players but that translates into perhaps 500 potential targets, Pierson says, because cybercriminals often take aim at friends, associates. family members – even their children. “We have quite a few stories of ‘compromise the kids, compromise the adult’. Once you get the kids you have a footprint on the inside of the house,” Pierson says.
BlackCloak cites a case study of an unnamed professional basketball player who was the object of a cyber-attack from criminals who targeted him through his children. “Cybercriminals, aware of the basketball player’s high-profile status and potential wealth, meticulously planned their attack. They embedded malware into popular online games. knowing that his children frequently played these games on devices connected to the home network,” the company wrote.
“The malware was designed to be undetectable and operated in the background. Once the children downloaded the infected game updates, the malware activated, creating a backdoor into the home network. This breach allowed the cybercriminals to access various devices connected to the network, including the basketball player’s personal laptop. smartphone.”
Sports is an especially tempting sector for cybercriminals according to research published by the UK National Cyber Security Centre in 2020. It found that at least 70% of surveyed British sports organisations had suffered at least one cyber-related breach or incident. That is more than twice the rate at which general UK businesses were targeted. Clubs often hold detailed personal data on players and fans. The NBA’s Houston Rockets were the targets of a ransomware attack in 2021. with the NFL’s San Francisco 49ers hit the following year.
Many players make at least as much as senior executives in conventional industries. However, big corporations are likely to have dedicated digital security teams and thorough cybersecurity protocols. That’s not the case for sportspeople. where the public nature of the job means the focus is on physical protection: bodyguards. But players are often young and inexperienced, bored or distracted during travel and down-time, and glued to mobile phones. The small screen can make it tougher to spot phishing scams compared with a laptop or an office environment.
Pierson cites another case of a client, an NFL player, who had home security cameras professionally installed but without adequate password. firewall protection, so the system was vulnerable to being hacked. That would have allowed criminals to access the cameras and recordings and watch footage from inside and outside the house. Sportspeople are frequent targets for tech-savvy burglary gangs who – like anyone with a computer – can learn game schedules in seconds. discover exactly when the player won’t be at home. The England forward Raheem Sterling returned from Qatar. missed a match at the 2022 World Cup after armed intruders broke in to his property near London.
The FBI Internet Crime Complaint Center (IC3) said in its latest annual report that Americans reported more than $20bn in cybercrime losses last year. a 26% increase from 2024. The EY report identified nearly $1bn of alleged losses suffered by professional athletes from 2004 to 2024. with the rate accelerating in recent years. That figure. drawn from public legal proceedings, is likely a considerable undercount of the true amount given the probability that many schemes are never made public.
The NFL Players Association provides players with access to third-party support to help them address cybercrime problems such as identity theft. In March it informed agents that unnamed NFL. NBA players had been targeted in an extraordinary phishing scheme allegedly perpetrated by an American man posing as a female adult film star.
The accused, Kwamaine Jerell Ford, was convicted of computer fraud. aggravated identity theft in Georgia in 2019 for hacking into more than 100 Apple accounts belonging to collegiate and professional athletes and rappers, according to federal prosecutors. Yet, beginning the next year –. while in federal custody – he allegedly ensnared several athletes in another phishing scam that evolved into a sex trafficking scheme.
Prosecutors allege that Ford posed as adult film star Teanna Trump. offered to send sexually explicit videos to the athletes, then masqueraded as an Apple customer support representative to trick his targets into sending him their login credentials in order to watch the videos. Once in control of the accounts, Ford allegedly embarked on a spending spree. Prosecutors further allege that in 2021, “Ford allegedly posed as the adult film star. recruited, tricked, and coerced a female victim into engaging in commercial sex acts with the professional athletes based on false promises that the film star would advance the victim’s modelling career.” Ford denied charges of fraud, identity theft and sex trafficking and was ordered in March to be held without bail pending trial.
In BlackCloak’s experience, Pierson says, “The targeting of high-profile, high net worth individuals is at a massive all-time high. The harm that is done there continues to increase, especially from a financial position. AI has only accelerated the pace of this and increased the sophistication of threat actors.”
Discussion
Sign in to join the thread, react, and share images.