Research has revealed that 166 unique domains were discovered ahead of the 2024 Olympic Games. These domains displayed common signs of DNS abuse and were used by threat actors to conduct financial scams.
BforeAI, a company offering digital risk protection and cyber threat intelligence services, has released an infrastructure attack report surrounding the 2024 Paris Olympic Games.
In this report, the company identified 166 different domains “that leveraged on the common signs of DNS abuse such as keyword stuffing, typosquatting, and known top-level domains (TLDs) often used for phishing.”
Threat actors exploited this event by replicating existing brands affiliated with the Olympics and conducting financial scams.
BforeAI found that sets of malicious domains used unconventional or suspicious top-level domains (TLDs) such as:
.xyz
.win
.stream
.mobi
.shop
.store
.info
The company explained that these TLDs are often used because they are a cheaper alternative and are often less regulated. One easy way to spot a phishing or financial scam tied to a high-profile event is a misspelled or unconventional spelling of the event name; for example, variations of the word Olympics appeared in the suspicious websites.
According to BforeAI, this is a way to catch users who misspell or mistype a legitimate domain name. Threat actors also leveraged search engine optimization (SEO) methods by using keywords to attract traffic and appear credible and relevant in search engines. “By doing so, the domains in this cybercriminal infrastructure gain an advantage of ‘domain age,’ which can influence their future search engine rankings and SEO,” BforeAI said. This tactic aids malicious campaigns as it makes it more likely that scam or phishing emails from these sites will be delivered, all while increasing public trust.
Illegitimate Olympic shops
The company also identified various counterfeit Olympic shop domains, which could have resulted in severe financial losses for fans and enthusiasts. These fraudulent websites ranged from selling Olympic merchandise to promising tickets to the 2024 Olympic Games in Paris.
BforeAI identified two prolific domains, both using TLDs from the list above, to look out for when identifying a scam:
parisolympics2024[.]store
shop-olympics[.]shop
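The three signs described above (a suspicious TLD, a misspelled or unconventional form of “Olympics”, and keyword stuffing) can be turned into a simple triage scorer for newly registered domains. This is an added example, not code from the report or from BforeAI: the TLD set is the one listed above and the two sample domains are the ones named in the report, while the event keyword list, the similarity threshold and the score weights are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# TLDs the BforeAI report lists as common among the Olympic scam domains.
SUSPICIOUS_TLDS = {"xyz", "win", "stream", "mobi", "shop", "store", "info"}
BRAND = "olympics"  # the report notes misspelled/unconventional spellings of this word
# Event keywords a registrant might stuff into a name (assumed list, not from the report).
EVENT_KEYWORDS = ("paris", "2024", "tickets", "shop", "store", "official")

def split_domain(domain):
    """Return (name, tld) for 'parisolympics2024.store' or its defanged form."""
    host = domain.lower().replace("[.]", ".").strip(".")
    name, _, tld = host.rpartition(".")
    return name, tld

def brand_similarity(name):
    """Best similarity between BRAND and any letter window of the name (windows one
    character shorter or longer than BRAND catch dropped and doubled letters)."""
    letters = re.sub(r"[^a-z]", "", name)
    n = len(BRAND)
    windows = [letters[i:i + w] for w in (n - 1, n, n + 1)
               for i in range(max(1, len(letters) - w + 1))]
    return max((SequenceMatcher(None, w, BRAND).ratio() for w in windows), default=0.0)

def score_domain(domain):
    """Score one candidate on the three DNS-abuse signs; weights are assumed."""
    name, tld = split_domain(domain)
    score, reasons = 0, []
    if tld in SUSPICIOUS_TLDS:
        score += 1
        reasons.append(f"suspicious tld .{tld}")
    similarity = brand_similarity(name)
    if similarity == 1.0:
        score += 1
        reasons.append("brand keyword 'olympics' present")
    elif similarity >= 0.8:
        score += 2  # a lookalike spelling is the stronger typosquatting signal
        reasons.append("lookalike of 'olympics'")
    stuffed = [k for k in EVENT_KEYWORDS if k in name]
    if len(stuffed) >= 2:
        score += 1
        reasons.append("keyword stuffing: " + ", ".join(stuffed))
    return score, reasons

def flag_domains(domains, threshold=2):
    """Return {domain: reasons} for candidates scoring at or above the threshold."""
    return {d: r for d in domains for s, r in [score_domain(d)] if s >= threshold}

if __name__ == "__main__":  # the two domains named in the report plus constructed ones
    for d, why in flag_domains(["parisolympics2024.store", "shop-olympics.shop",
                                "olimpics-tickets-paris.xyz", "example.com"]).items():
        print(d, "->", "; ".join(why))
```

A real deployment would feed this from a newly-registered-domain or certificate-transparency feed and hand anything above the threshold to an analyst rather than blocking automatically, since legitimate merchants also register under .shop and .store.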
Threat actors don’t only want to steal your money. Your credentials are often equally as, if not more, valuable.
Cybercriminals also used the Olympic Games' popularity to their advantage by claiming to sell tickets to the event that were in fact fraudulent.
“These fraudulent websites, often deceptively named things like ‘Paris Olympics 2024 Tickets,’ aimed to steal personal information such as name, email, address, and contact details from unsuspecting users redirected to these sites.”
Alongside having their credentials harvested, users could also enter their payment information to “buy” tickets to the Olympic Games. Instead of receiving tickets in their inbox, they would have their credit card numbers, expiration dates, and CVC codes extracted and potentially sold on the dark web for future exploitation.
Crypto scams
Not only were fraudulent websites harvesting credentials, but numerous cryptocurrency scams coincided with the Olympic Games.
Scam cryptocurrency coins were marketed using branding relating to the 2024 Olympic Games. BforeAI also highlighted that threat actors have previously exploited high-profile events like the FIBA World Cup to promote their crypto schemes. These scams can create distress and leave “investors” in financial trouble.
If you are planning to go to a popular concert or high-profile event, you should always rely on the official websites related to that experience to receive the best service.
If a site looks too good to be true or promises something unusual, don’t take the bait. Avoid entering your credentials and personal information into random websites that claim to be associated with the event.
It’s important to be aware of the rise in highly deceptive domains related to any event. That’s just one lesson that the Paris Olympics can teach us about online scams.
“Continuous monitoring of the registrars linked to identified malicious domains can help uncover the tactics, techniques, and procedures (TTPs) used and inform future activities around globally critical events,” the BforeAI report concludes.