Fake tickets, scams and Russian attacks: Here are top Olympic-themed cyber threats

The Paris Olympics is the highlight of the year 2024 for sportspersons – and cybercriminals, who have designed fake ticket sales, Olympics-themed lotteries, free data scams, and information stealer phishing campaigns. Plus, there is a Russia factor.

Scammers have exploited the huge public interest in watching athletes give their best shot at the Paris games by launching fraudulent websites imitating the official ticketing site. Since March 2023, more than 338 such websites have been identified – 51 of them have been shut down and 140 received formal notices, French broadcaster Franceinfo said on June 9. The official site for buying tickets is tickets.paris2024.org.

Fraudulent sites like paris24ticket[.]com, ticket-paris24[.]com, tickets-paris24[.]com, billetterie-paris2024[.]info, and tickets.paris24[.]org are selling Olympics tickets to spectators and collecting data in the process. Virus scan programs show they contain phishing links.

Many of these sites, like ticket-paris24[.]com and tickets-paris24[.]com, are almost identical to the official website in design and content. Another site, paris24ticket[.]com, dupes people who already have a ticket for an event but now want to attend another sporting contest at the Olympics. It purchases the legitimate ticket and sells them a fake one. In this way, scammers stand to make more profit by selling the original ticket. Organisers of the Paris Olympics allow the transfer of a ticket.

Streaming of the Olympics sporting events is another lure. Victims end up sharing personal data and making payments.

Scams claiming to provide a 48GB free data plan to users of all telephone networks have also emerged, deceiving users into providing personal and credit card information. Fake contests have also been spotted on social media.

Olympic-themed lottery scams leverage the names of national lotteries and major companies like Coca-Cola, Microsoft, and Google, researchers say. These scams mainly target users in countries such as the US, Japan, Germany, France, Australia, the UK, and Slovakia.

RUSSIAN ATTACKS

Russia has been barred from participating in the 2024 Olympics due to its invasion of Ukraine – a move which seems to have angered Russian advanced persistent threat (APT) groups.

India Today’s Open Source Intelligence (OSINT) team has found multiple Telegram groups planning and announcing cyberattacks on the digital infrastructure of the Paris Olympics and its host, France.

On Monday, Russian hackers announced their intention to channel their efforts into attacking the Olympics sponsors during this week. “The only Russian participation needed here (in the Games) is a series of massive DDoS attacks on the resources of all sponsors,” declared the pro-Russia ‘Cyber Army of Russia Reborn’ group on its Telegram channel.

Anonymous Sudan, NoName057 (16), UserSec, and Server Killers are other pro-Russian hacktivist groups that Google says pose a “viable threat” to the Summer Olympics.

NARRATIVE CAMPAIGNS

Social media is rife with misinformation campaigns seeking to portray Paris as an unsafe venue for the world’s biggest sporting event and damage the reputation of the IOC (International Olympics Committee).

A Microsoft report says Russian influence actors, identified as Storm-1679 and Storm-1099, shifted their operations to target the 2024 Olympic Games and French President Emmanuel Macron since June 2023. Their online campaigns seek to convince people to expect violence in Paris during the Olympics.

A fake documentary titled “Olympics Has Fallen” – falsely claiming to be a Netflix production narrated by actor Tom Cruise – attacks the Olympics’ image. It was produced using AI-generated audio resembling Cruise’s voice and spoofed Netflix’s branding with fake five-star reviews from reputable media outlets, according to the Microsoft report.

Storm-1679 promoted the documentary on social media sites, targeting US and European users. They also deceived US celebrities on Cameo into recording videos that were edited into anti-Ukrainian propaganda and advertisements for the fake documentary, creating the false impression of celebrity endorsements.

The 2020 Tokyo Olympics experienced 450 million attempted cyberattacks.