Cyber-criminals Exploit Paris Olympics With Fake Domains
Read more about cybersecurity at the Paris Olympics:
A new report has revealed a surge in malicious online activities leading up to the Paris Olympic Games, which started on July 26, 2024.
Published by cybersecurity researchers at BforeAI today, the new data shows threat actors exploited the popularity of the event by setting up fake social media accounts, stores and ticketing systems, as well as launching fraudulent cryptocurrencies.
The researchers analyzed newly registered domains (NRDs) acquired two weeks before the Olympics. Their findings include:
-
166 unique domains displaying signs of DNS abuse, such as keyword stuffing and typosquatting
-
Domains frequently used unconventional and suspicious top-level domains (TLDs) like .xyz, .win, .stream, .mobi, .shop, .store, and .info
-
Variations and common misspellings of “Olympics” (e.g., “olymplics,” “olymppics”) were used to catch mistyped domain names
-
Keywords related to the Olympics and specific years or events (e.g., “paris2024”, “olympics2024”) were heavily employed to draw traffic
These tactics both enhanced the search engine visibility of these malicious sites and increased their perceived legitimacy, improving their chances of successfully targeting potential victims.
Read more on threats targeting the Olympics: Paris 2024 Olympics Face Escalating Cyber-Threats
Impact on Consumers
In the report, BforeAI warned that the fake Olympic shop domains, in particular, represent a considerable risk, as they deceive fans looking to purchase official merchandise and experiences.
This could lead to significant financial losses for consumers and damage the reputation of legitimate vendors.
BforeAI also noted that cyber-criminals have created fake websites selling Olympic tickets designed to harvest personal information and payment details from users. The stolen data may then end up being sold on the dark web or used in future financial scams.
Additional Threats
Beyond ticketing and merchandise scams, the research highlighted the emergence of scam cryptocurrency coins and tokens marketed using Olympic-related branding.
Such schemes have previously appeared during other major events like the FIFA World Cup and often result in significant financial losses for investors.
Moreover, BforeAI noted how unauthorized live-streaming websites offering free access to Olympic events could harm official media broadcasters, potentially affecting the revenue of the International Olympic Committee (IOC).
Protective Measures for Fans
To ensure a secure Olympic experience, BforeAI called on fans to:
-
Only rely on official Olympic websites and social media channels
-
Avoid clicking on suspicious links and purchasing tickets from unofficial sources
-
Verify the authenticity of websites hosted on unfamiliar TLDs
-
Steer clear of investing in cryptocurrencies created solely for the Olympics
Reporting fake Olympic-based websites on social media can also help foster a safer online environment.