The Paris Olympic Games, which kicked off on July 26, 2024, have become a target for malicious online activities, according to a recent report by cybersecurity researchers at BforeAI. The study reveals a surge in fraudulent schemes surrounding the event, including fake social media accounts, online stores, ticketing systems, and even fraudulent cryptocurrencies.
The researchers focused on analyzing newly registered domains (NRDs) acquired in the two weeks leading up to the Olympics. Their findings uncovered 166 unique domains exhibiting signs of DNS abuse, such as keyword stuffing and typosquatting. These malicious domains often used unconventional and suspicious top-level domains (TLDs) like .xyz, .win, .stream, .mobi, .shop, .store, and .info. Additionally, variations and misspellings of “Olympics” were utilized to capture mistyped domain names, while keywords related to the event were heavily employed to attract traffic.
These tactics not only boosted the search engine visibility of these malicious sites but also enhanced their perceived legitimacy, increasing their chances of targeting unsuspecting victims successfully.
BforeAI warned consumers of the risks associated with fake Olympic shop domains, which could lead to financial losses and damage the reputation of legitimate vendors. The report also highlighted the presence of fake ticketing websites designed to extract personal and payment information from users, potentially leading to data theft and financial scams.
In addition to ticketing and merchandise scams, the research pointed out the emergence of scam cryptocurrency coins and tokens leveraging Olympic branding. Such schemes have historically caused significant financial losses for investors during major events like the FIFA World Cup.
Furthermore, unauthorized live-streaming websites offering free access to Olympic events pose a threat to official media broadcasters, potentially impacting the revenue of the International Olympic Committee (IOC).
To ensure a secure Olympic experience, BforeAI recommended that fans only rely on official Olympic websites and social media channels, avoid clicking on suspicious links, purchase tickets from authorized sources, verify the authenticity of websites hosted on unfamiliar TLDs, refrain from investing in Olympics-specific cryptocurrencies, and report fake Olympic-based websites on social media platforms to promote a safer online environment.