The Paris Olympics in 2024 is not only a major event for athletes but also a prime target for cybercriminals. Scammers have designed various fraudulent activities such as fake ticket sales, Olympics-themed lotteries, free data scams, and information-stealer phishing campaigns. Additionally, Russian hackers have also targeted the event in response to Russia's exclusion from the Olympics due to the invasion of Ukraine.
Scammers have exploited the high public interest in the Paris games by creating fake websites that mimic the official ticketing site. Since March 2023, more than 338 such websites have been identified, with 51 shut down and 140 receiving formal notices, as reported by French broadcaster Franceinfo on June 9. The only official site for purchasing tickets is tickets.paris2024.org.
These fraudulent sites, like paris24ticket[.]com, ticket-paris24[.]com, tickets-paris24[.]com, billetterie-paris2024[.]info, and tickets.paris24[.]org, sell fake tickets and collect personal data. Virus scan programs have confirmed that these sites contain phishing links. Some sites, such as ticket-paris24[.]com and tickets-paris24[.]com, closely resemble the official site in both design and content. Another site, paris24ticket[.]com deceives people who wish to exchange their legitimate ticket for another event, selling them a fake ticket and profiting from the original one. The Paris Olympics organizers allow the transfer of tickets, which scammers exploit.
Streaming of the Olympic events is another bait used by scammers. Victims are tricked into sharing personal information and making payments.
Fake contests and scams offering a 48GB free data plan to users of all telephone networks have also emerged, deceiving users into providing personal and credit card information. Olympic-themed lottery scams leverage the names of national lotteries and major companies like Coca-Cola, Microsoft, and Google. These scams primarily target users in countries such as the US, Japan, Germany, France, Australia, the UK, and Slovakia.
In response to Russia being barred from the 2024 Olympics, Russian advanced persistent threat (APT) groups have shown their anger through cyberattacks. India's Open Source Intelligence (OSINT) team discovered multiple Telegram groups planning attacks on the digital infrastructure of the Paris Olympics and its host, France.
On Monday, Russian hackers announced plans to attack Olympic sponsors. The pro-Russia 'Cyber Army of Russia Reborn' group declared on its Telegram channel that they would conduct massive DDoS attacks on the resources of all sponsors. Other pro-Russian hacktivist groups like Anonymous Sudan, NoName057 (16), UserSec, and Server Killers have been identified by Google as posing a "viable threat" to the Summer Olympics.
Misinformation campaigns are also prevalent on social media, aiming to portray Paris as an unsafe venue and damage the reputation of the IOC (International Olympics Committee). A Microsoft report highlighted that Russian influence actors, identified as Storm-1679 and Storm-1099, have shifted their operations to target the 2024 Olympic Games and French President Emmanuel Macron since June 2023. These campaigns seek to convince the public to expect violence in Paris during the Olympics.
A fake documentary titled "Olympics Has Fallen" falsely claims to be a Netflix production narrated by actor Tom Cruise. This documentary attacks the Olympics' image using AI-generated audio resembling Cruise's voice and spoofed Netflix branding with fake five-star reviews from reputable media outlets. Storm-1679 promoted this documentary on social media, targeting US and European users. They also deceived US celebrities on Cameo into recording videos that were edited into anti-Ukrainian propaganda and advertisements for the fake documentary, creating a false impression of celebrity endorsements.
The 2020 Tokyo Olympics experienced 450 million attempted cyberattacks, highlighting the persistent threat posed by cybercriminals to major sporting events like the Paris Olympics.
Â