Scam Trends, July 2026: World Cup Cons, Prime Day Fallout, and a Record Imposter Year

ScamDrill July 2026 scam report cover: event season is scam season. $3.5 billion lost to imposter scams in 2025, more than 13,000 World Cup domains registered with about 9% flagged, and 6,843 Amazon-themed domains built before Prime Day
Bottom line up front

Scammers work a calendar, and July’s is crowded. The FTC’s new breakout puts 2025 imposter-scam losses at a record $3.5 billion, nearly triple 2020, and this month hands imposters plenty of cover: the World Cup’s knockout rounds run through July 19, post-Prime Day “order problem” phishing is landing while real packages are still in transit, and peak military moving season brings rental and benefits cons. The defense hasn’t changed: type addresses yourself, and verify on a channel you chose.

Last month’s roundup covered the big annual report cards: $15.9 billion in fraud reported to the FTC for 2025, and $20.9 billion in internet-crime losses logged by the FBI. If you missed it, the June trends report is the place to start. This month the story is less about totals and more about timing. A run of fresh federal warnings and threat research shows, in unusual detail, how scam operations get built around the events already on your calendar, sometimes months in advance.

Here is what is moving in July, for households and for the businesses many of us run.

The imposter economy got its own report card

In mid-June the FTC published its deepest look yet at impersonation fraud, and the numbers earn the attention. People reported losing $3.5 billion to imposter scams in 2025, nearly three times the 2020 figure. Almost one in three fraud reports filed last year involved an imposter of some kind: a fake bank, a fake agency, a fake sheriff, a fake grandchild.

The split inside that number is worth knowing. Business impersonators took nearly $1 billion, with bank imposters the costliest of the bunch. Government impersonators took about $920 million. Both are up from 2024, when the same categories cost $866 million and $789 million.

The imposter economy, 2025 Reported U.S. losses to impersonation scams Business imposters (banks costliest) ~$1.0B Government imposters $920M Up from $866M and $789M in 2024 Total reported lost to imposters, all types nearly 1 in 3 fraud reports named an imposter $3.5B Source: FTC imposter-scam data release, June 2026 ScamDrill
Bank imposters lead the business column; toll and DMV texts drove the government column. The total has nearly tripled since 2020.

The costliest opening move is a fake security alert, usually from “your bank.” The message says your account is compromised, and the follow-up call talks you into moving money somewhere “safe.” The FTC’s blunt observation: losses in these cases are often limited only by how much the victim had available. So make the rule absolute. No bank, agency, or company will ever ask you to move money to protect it. The moment anyone does, you are talking to a thief. That message is also the heart of Never Ever, the public education campaign the FTC and partners like the American Bankers Association launched in June to spell out what government and businesses will never, ever ask of you.

The World Cup enters its most dangerous stretch

The tournament’s knockout rounds run through the July 19 final in New Jersey, which means ticket desperation is peaking right on schedule. The FBI warned in late May that criminals are spoofing FIFA websites to harvest personal data and sell tickets that do not exist, naming 36 lookalike domains, including fake FIFA job portals, and calling out search ads as a main way victims find them.

Threat researchers tracking the tournament put the scale higher: more than 13,000 World Cup–linked domains registered within five months, roughly 9% of them already flagged as suspicious or malicious, and over 270,000 compromised credentials tied to ticketing and fan platforms. The safe path is narrow and simple. FIFA’s official site, typed into your browser yourself, is the only legitimate ticket source, and no honest seller asks a stranger to pay by wire, Zelle, or crypto. We published a full guide to World Cup ticket scams before the tournament, and every word of it holds through the final whistle.

Prime Day is over. The phishing is not.

Amazon moved Prime Day to June 23–26 this year, and the fraud infrastructure moved with it. Check Point counted 6,843 new Amazon-themed domains registered between December and May, with the pace peaking in April at 1,446 in a single month. That head start is deliberate. Parking a domain two months early lets it “age” into respectability, so reputation filters wave it through by the time the event arrives. By May, roughly one in eleven of the new domains had already been flagged.

Built months before the sale New Amazon-themed domains ahead of Prime Day (June 23–26) 6,843 registered Dec 2025 through May 2026 1,446 April peak, two months out 1 in 11 of May’s new domains flagged as malicious Domains are parked early so they “age” past reputation filters by the time the shopping event goes live. Source: Check Point Research, June 2026 ScamDrill
The same build-ahead pattern shows up around the World Cup: 13,000+ tournament-linked domains in five months, roughly 9% flagged.

Two campaigns show how organized this is. One operation registered the name amazon-prime under six different endings (.help, .cam, .club and so on) to catch Prime members no matter what they typed. Another built 46 “amazoncredito” domains aimed at Spanish- and Portuguese-speaking shoppers, some using an accented spelling that renders as amazoncrédito to look more native.

For most households, though, July is the aftermath window, and the aftermath is where the volume is. You ordered things. Deliveries are still arriving. So a text about a failed delivery, an email about a payment problem, or a warning that your membership is about to renew at a higher price all land on fertile ground. One habit beats all of it: never handle an Amazon problem through a link that came to you. Open the app or type the address, check Your Orders, and you will know in ten seconds whether the problem exists.

July is Military Consumer Month, and scammers got there first

The FTC opened its annual Military Consumer Month campaign on July 1, and the underlying data explains why it exists. In the most recent full-year breakdown, the military community reported $584 million lost to fraud in 2024, with veterans and retirees carrying $419 million of it. The median military loss ran about $700, well above the roughly $500 median for the general public. Frequent moves, reliable paychecks, and benefits that are easy to impersonate all play a part.

Two patterns matter most right now. Summer is peak PCS season, and rental listings near bases attract scammers who copy real photos, price the home just under market, and push for a deposit before a tour; our guide to PCS rental scams walks through the checks that unmask them. The other is benefits impersonation: calls and texts claiming to be the VA or DFAS about a “problem” with pay or benefits. Real agencies do not call to demand verification. The broader playbook is in our guide to scams that target military members and veterans.

Also moving this month

For businesses: the calendar is the threat model

The same event rhythm shows up in attacks on companies. In May, financial-services organizations averaged 1,939 attempted attacks per week, up 8% year over year and four times the all-industry growth rate. Consumer-goods and retail organizations averaged 1,809, up 4%. Event weeks concentrate the risk, because more genuine order, shipping, and booking email in circulation means phishing blends in better, for staff as much as for customers.

Event weeks hit businesses too Average weekly attacks per organization, May 2026 1,939 +8% YoY Financial services 1,809 +4% YoY Consumer goods & retail The stop: confirm bank-detail changes on a number you already had. Source: Check Point Research, May 2026 ScamDrill
Four times the all-industry growth rate for financial services. Event weeks give phishing more real mail to hide among.

The FTC pointed small businesses at a related problem this spring: fake invoices for products nobody ordered, sent in the hope that accounts payable pays first and reconciles later. The fix costs nothing. Brief the people who handle money and email before big shopping and travel weeks, require a second approver above a set threshold, and keep the out-of-band rule for any bank-detail change. The patterns in our guide to social engineering aimed at small businesses cover most of what gets through the filters.

The pattern underneath

Every item this month is the same con wearing different event merchandise. The scammer borrows a deadline you already care about: a knockout match, a package, a move date, a flight, an invoice cycle. Then they add the three ingredients that never change: contact you did not ask for, urgency, and a payment you cannot reverse. Two of those three together is your cue to stop. Slow down, and verify on a channel you picked yourself.

Practice beats panic.

ScamDrill sends safe, realistic fake texts, voicemails, and emails to your family or your team on a rotating schedule, tuned to the scams trending right now. When someone clicks, they get a teachable moment instead of a real loss.

Start a free drill →

Pick one item from this list and run it past someone this week. Ask the soccer fan in your life where they would buy a knockout-round ticket. Forward a parent a fake delivery text and talk through the tells. Ask whoever pays your company’s invoices what would happen if a vendor’s bank details changed tomorrow. The people who practice are the ones who catch it live.

Sources: FTC imposter-scam data release (June 15, 2026) and FTC consumer alerts on fake CAPTCHAs, travel fraud, and Military Consumer Month (June–July 2026); FBI IC3 public service announcement on World Cup ticket fraud (May 27, 2026); Check Point Research analyses of Prime Day domains, travel phishing, and sector attack rates (May–June 2026); Cyble World Cup domain research (2026).

Frequently asked questions

How much money did people lose to imposter scams in 2025?

A record $3.5 billion, according to FTC data released in June 2026, nearly three times the 2020 figure. Almost one in three fraud reports involved an imposter. Business impersonators took nearly $1 billion, with bank imposters the costliest, and government impersonators took about $920 million. The most expensive version starts with a fake security alert from “your bank” followed by instructions to move money to “protect” it. No real bank, agency, or company will ever ask you to do that.

How do I avoid World Cup ticket scams during the knockout rounds?

Buy only through FIFA’s official site, typed into your browser yourself, and never pay a stranger by wire transfer, Zelle, or crypto. The FBI warned in late May 2026 that criminals are spoofing FIFA websites, naming 36 lookalike domains, and researchers have tracked more than 13,000 World Cup–linked domains registered in five months, with roughly 9% flagged as suspicious or malicious. Ticket desperation peaks in the knockout rounds through the July 19 final, which is exactly when fake resale offers work best.

Why am I still getting Amazon texts after Prime Day ended?

Because the aftermath is part of the plan. Researchers counted 6,843 new Amazon-themed domains registered in the six months before Prime Day (June 23–26 this year), and about 1 in 11 of the newest ones were already flagged as malicious. After the event, scammers send fake failed-delivery texts, payment-problem emails, and membership-renewal warnings while your real orders are still arriving. Never resolve an Amazon issue through a link that came to you; open the app or type the address and check Your Orders directly.

What scams target military families in July?

July is the FTC’s Military Consumer Month, and the timing matches real risk. The military community reported $584 million lost to fraud in 2024, with veterans and retirees carrying $419 million, and a median loss of about $700 versus roughly $500 for the general public. Summer is peak PCS moving season, which brings fake rental listings near bases that demand deposits before a tour, plus imposters posing as the VA or DFAS claiming problems with pay or benefits. Verify through official channels you look up yourself.