Cybersecurity researchers at QuoIntelligence have discovered a massive fraud campaign selling fake Olympics tickets at inflated prices to lure victims into believing they were legitimate.
“For example, a random event and seat location on the official website could cost less than €100, whereas the same tickets and locations on the fraudulent websites were priced at a minimum of €300, often reaching €1000,” the report states.
Dubbed Ticket Heist, the campaign involves 708 domains that all point to the same IP address 179[.]43[.]166[.]54, with 20 registered every month. Some domains, such as ticket-paris24[.]com and tickets-paris24[.]com, appear to be clones of each other.
Sophisticated websites are selling fake Olympics tickets
According to the researchers, the bulk domains host impressive websites with similar UI frameworks and slight variations in content and language.
However, they have minor spelling and grammar mistakes, “likely due to direct translation from Russian to English.” Many sports fans will likely overlook the slight mistakes to avoid missing rare tickets.
The professional design and the ability to interact with the tickets also increase the credibility of the fake websites to encourage victims to buy the fake Olympics tickets.
“The sophistication observed in these fraudulent websites was unexpected, suggesting a high level of motivation and meticulous attention to detail by the attackers behind this campaign,” the researchers stated. “This indicates their intent to maximize the success of their fraudulent activities targeting fans.”
Additionally, the websites use Stripe to process payments and do not host malware or credit card scrappers, allowing them to escape web scanners. Instead, they aim to steal money directly from victims through legitimate transactions initiated by the victims.
Proofpoint says the French Gendarmerie Nationale has identified 338 fraudulent Olympics ticketing websites, of which 51 have been shut down, and 140 have received law enforcement notices.
Diversified fake Olympics tickets fraud campaign
According to QuoIntelligence researchers who discovered the fraud campaign, the websites target Russians trying to purchase tickets for the Paris 2024 Summer Olympic Games. However, using English allows them to target other potential victims globally.
Similarly, the fraud campaign targets music events featuring bands and musicians such as Iron Maiden and Bruno Mars.
The fake Olympics ticket websites apply malvertising tactics to target people searching for Paris 2024 Tickets online. Proofpoint researchers observed a fake Olympics ticket site paris24tickets[.]com appearing as the second sponsored search result on Google next to the official website.
Threat actors will also likely diversify the fraud campaign by promoting the fake Olympics tickets across social media to cast a wider net.
Olympics fraud campaign: A page out of threat actor’s playbook
Cybercriminals often target international sporting events such as the Paris 2024 Summer Olympics to defraud sports fans, steal personal information, and distribute malware.
Similarly, nation-state actors target popular sports events to disrupt the tournament, compromise government officials for cyber espionage, and spread disinformation to achieve their geopolitical objectives.
“Major sporting events have always been the targets of cybercriminals, with motives ranging from the trivial to the critical,” said Rogier Fischer, CEO, Hadrian. “Hackers targeted the Winter Olympics 2018 in Pyeongchang, causing disruptions during the opening ceremony as retaliation for Russia’s ban due to doping, while in 2009, a hacker intercepted the Super Bowl XLIII broadcast, just to air inappropriate content, In the case of large public events, we expect the organizers to enhance network security with regular audits, secure Wi-Fi networks, and multi-factor authentication etc.”
With France actively supporting Ukraine, Russia is already trying to undermine the Paris 2024 Summer Olympics through disinformation.
Similarly, the Olympics Committee has warned about another fraud campaign targeting the 2024 Paralympic Games with free fake Olympics tickets but demanding advance postage fees.
