Hackers are trying to take advantage of people looking to buy and sell tickets to the Paris 2024 Summer Olympics with fake sales websites that simply steal victims' money.
In a new report, cybersecurity researchers at Proofpoint said they found a fake website advertising tickets for Paris 2024 and are urging people to be very careful when purchasing tickets online.
According to the investigation, the website “paris24tickets[.]com” is fraudulent as it claims to be a “secondary marketplace for live and sporting event tickets,” but all it does is steal people's money and possibly sensitive data.
Abuse Google Ads
There are numerous ways a fake website like this can harm people. Besides the obvious (paying a non-existent fine), victims can also share sensitive private information, which hackers can later sell on the black market or use themselves in phishing attacks.
To make matters even worse, the website appears as the second sponsored search result on Google, for the query “Paris 2024 Tickets”. This means that whoever is behind the attack managed to purchase an ad on Google.
Malvertising on Google is nothing new. Hackers would first search for and compromise a Google Ads account with several ads already running. They would then use the funds found in the account to pay for the advertising space themselves. What's more, since ads must go through a vetting process, ads from verified accounts have a better chance of doing so.
There are currently hundreds of fake websites related to the Summer Olympics, all of which seek to take advantage of gullible people in one way or another. Proofpoint said French police, the French National Gendarmerie, have so far found 338 fraudulent ticket-selling websites.
The Olympics are a major sporting event and as such will be a major target for hackers. Euro 2024, FIFA World Cup Qatar 2022 and the Sochi 2014 Winter Olympics were used to spread malware or steal people's money and data.
