
Cybercriminals exploit Paris 2024 Olympics with phishing websites


A fraudulent website, ‘paris24tickets[.]com,’ has appeared in second place in Google’s sponsored results. It claims to sell tickets for the Paris 2024 Summer Olympic Games to unsuspecting fans. With millions of people expected to visit France for the games, numerous phishing websites, including this one, have emerged to scam individuals.

Researchers observed that the scam website, ‘paris24tickets[.]com,’ positioned itself as a secondary marketplace for sports and live events tickets and ranked quite high among the sponsored search results on Google for queries related to “Paris 2024 tickets.”

When researchers contacted the officials in France, they were able to confirm that the website was indeed a scam. After this revelation, they collaborated with the domain registrar to suspend the site’s operation shortly after its discovery.

The phishing website at second place in sponsored results on Google. | Source: Proofpoint

The deceitful website was just one among a network of similar scams. More than 338 such websites have mushroomed in recent months. However, due to the efforts of researchers, 51 of these sites have been forcibly shut down, with an additional 140 receiving formal notices from law enforcement agencies.

On the fraudulent website, visitors were greeted with a homepage showcasing various Olympic events. Clicking on any sports icon redirected users to a ticketing page where they could select tickets and input payment details. The site also offered features for users to create accounts for buying and selling tickets, enhancing its facade of legitimacy.

Notably, the website’s design closely resembled that of well-known ticketing platforms, further deceiving visitors into believing its authenticity.

The phishing website’s home page. | Source: Proofpoint

“The homepage listed many Olympic events, and if the user clicked on one of the sports icons, they were taken to a ticketing page that allowed the user to select tickets and provide payment data. The site also appeared to allow the user to establish accounts to buy and sell tickets,” researchers noted.

The primary objective behind such fraudulent websites is likely financial gain through duping unsuspecting individuals attempting to purchase or sell Olympic tickets.

Researchers also noticed that the site collected sensitive personal information from users, including names, contact details such as email addresses, mailing addresses and phone numbers, and credit card information.

Malicious email campaign. | Source: Proofpoint

The malicious domain is primarily spread through advertisements in search engine results. While not extensively distributed through email campaigns, a small number of emails containing the domain were observed. These emails purported to offer ticket discounts, possibly enticing recipients to engage with the fraudulent website.

While the method of acquiring target emails remains unconfirmed, it’s speculated that users may have provided their email addresses during account creation or ticket purchase attempts.

As of now, researchers have not attributed this phishing scam to any threat actor. However, during their investigation, researchers discovered another website, seatsnet[.]com, sharing infrastructure and design similarities with the fraudulent Olympics site. Seatsnet[.]com has garnered numerous complaints on various scam reporting platforms, with users alleging non-receipt of purchased tickets.

This incident underscores how search engines can also play a major role in expanding phishing scams. The website’s strategic placement in search engine results and its professional design misled users into believing it was an authorised and secure source for Olympic tickets.

Earlier, it was reported that the Paris Olympics is on the radar of several threat actors including APT 42, APT 43, APT 15, UNC1151, and Doppelganger, among others.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
