Proofpoint recently identified a fraudulent website purporting to sell tickets to the Paris 2024 Summer Olympic Games. The website “paris24tickets[.]com” claimed to be a “secondary marketplace for sports and live events tickets.” It was notably listed as the second sponsored search result on Google, after the official website, when searching for “Paris 2024 tickets” and related searches. Proofpoint confirmed with official sources in France that the site was fraudulent. Proofpoint’s Takedown Team worked with the registrar to suspend the domain quickly after its initial discovery.
Emile Abou Saleh, Senior Regional Director, Middle East, Turkey, and Africa at Proofpoint, said: “The buzz around mega-events like the Paris Olympics creates a feeding frenzy for cybercriminals. They exploit this excitement with social engineering – a sophisticated psychological manipulation tactic – effectively playing people, not technology. These same tactics fuel Business Email Compromise attacks, where they steal credentials, data, and money. Proofpoint’s 2024 State of the Phish report reveals a staggering 19% increase in BEC attacks last year. For fans in the Middle East, where social engineering is a dominant cybercrime weapon, remember to be vigilant and only trust verified sources. Don’t let your Olympic dreams turn into a security nightmare.”
The site that Proofpoint’s Takedown Team got suspended was sadly just one of many. According to the French Gendarmerie Nationale, their efforts in collaboration with Olympics partners have identified 338 fraudulent Olympics ticketing websites. Of these, 51 have been shut down, with 140 receiving formal notices from law enforcement.
On the website identified by Proofpoint researchers, the homepage listed many Olympic events, and if the user clicked on one of the sports icons, they were taken to a ticketing page that allowed the user to select tickets and provide payment data. The site also appeared to allow users to establish accounts to buy and sell tickets.
The website design appeared similar to other well-known ticketing sites visitors would be familiar with, increasing the site’s perceived legitimacy.
It is likely the threat actors managing this website were trying to steal money from people attempting to buy or sell Olympics tickets. It’s possible the site also collected personal information from people attempting to purchase tickets including names, contact information like email and mailing addresses and phone numbers, and credit card details.
The domain is believed to have been primarily distributed via ads in search results. While not observed in widespread email campaigns, the domain was observed in a small number of emails. In some cases, the bad actor sent emails claiming to provide “discounts” on tickets possibly of interest to the recipient. While researchers cannot confirm how the actor obtained the targets’ emails, it is possible the users included their email addresses when they signed up to the website or attempted to purchase tickets.
Fraudsters will always capitalize on current events, and the Olympic Games is no exception. Unsuspecting users likely clicked on the website because it appeared to be a legitimate entity that specialized in the sale of Olympic tickets. The website’s placement on the search engine under the official Paris Olympics ticket site could have further added to its legitimacy, convincing users that they were an authorized and safe source. While this specific domain should no longer be active, we expect other bad actors to take advantage of the event and create new fraudulent Olympics-related websites.
The only way to get tickets for the Paris 2024 Olympic and Paralympic Games is through the organization’s official ticketing website.
