As Morocco hosts the 2025 Africa Cup of Nations, cybersecurity experts are warning of a sharp increase in digital attacks targeting both individuals and institutions, a trend commonly associated with major international sporting events. Specialists note that heightened public interest and increased online activity around large tournaments create ideal conditions for cybercriminals to exploit.
Attackers are reportedly using a range of methods, including distributed denial-of-service (DDoS) attacks against official platforms, fake ticketing and accommodation websites designed to steal bank card data, and phishing campaigns that impersonate trusted brands and institutions. In stadiums and fan zones, unsecured public Wi-Fi networks are also being exploited to intercept personal and financial information from users.
Past events underline the scale of the risk. Cisco France, which handled cybersecurity operations for the Tokyo 2021 Olympics, previously reported around 450 million cyber incidents during the event, with experts expecting even higher volumes at subsequent global competitions. In Morocco, authorities and companies have already flagged attempted scams linked to the tournament. Fuel distributor Afriquia recently denied any connection to fraudulent links promising free fuel vouchers following Morocco’s Arab Cup victory.
Ayoub El Aïch, a cybersecurity expert at HackerOne, said the growing digitalisation of services such as transport, ticketing, and hospitality around major events increases exposure to phishing and social engineering attacks. These schemes often rely on fake websites closely mimicking legitimate platforms to deceive users into entering sensitive financial information.
Another expert, Taieb El Hazzaz, warned that Morocco is experiencing elevated cyber activity from both domestic and foreign actors during the tournament. He said fake websites resembling official Moroccan platforms are actively targeting fans searching for tickets and related services. Morocco’s national cybersecurity bodies, including the Directorate General for Information Systems Security, have stepped up monitoring and issued guidance to public institutions, though experts caution that risks rise when recommended safeguards are not fully implemented.
