Proofpoint warns of ticket scams as phony Paris Olympic Games 2024 sites proliferate

0
134
Proofpoint warns of ticket scams as phony Paris Olympic Games 2024 sites proliferate
Proofpoint warns of ticket scams as phony Paris Olympic Games 2024 sites proliferate

Proofpoint confirmed with official sources in France that the site was fraudulent.

Dubai, UAE, July 2024: Leading cybersecurity provider Proofpoint recently identified a fraudulent website purporting to sell tickets to the Paris 2024 Summer Olympic Games. The website “paris24tickets[.]com” claimed to be a “secondary marketplace for sports and live events tickets.” It was notably listed as the second sponsored search result on Google after the official website, when searching for “Paris 2024 tickets” and related searches. Proofpoint confirmed with official sources in France that the site was fraudulent. Proofpoint’s Takedown Team worked with the registrar to suspend the domain quickly after its initial discovery.

Emile Abou Saleh, Senior Regional Director, Middle East, Turkey, and Africa at Proofpoint, said: “The buzz around mega-events like the Paris Olympics creates a feeding frenzy for cybercriminals. They exploit this excitement with social engineering—a sophisticated psychological manipulation tactic—effectively playing people, not technology. These same tactics fuel business email compromise attacks, where they steal credentials, data, and money. Proofpoint’s 2024 State of the Phish report reveals a staggering 19% increase in BEC attacks last year. For fans in the Middle East, where social engineering is a dominant cybercrime weapon, remember to be vigilant and only trust verified sources. Don’t let your Olympic dreams turn into a security nightmare.”

The site that Proofpoint’s Takedown Team got suspended was sadly just one of many. According to the French Gendarmerie Nationale, their efforts in collaboration with Olympic partners have identified 338 fraudulent Olympic ticketing websites. Of these, 51 have been shut down, with 140 receiving formal notices from law enforcement.

On the website identified by Proofpoint researchers, the homepage listed many Olympic events, and if the user clicked on one of the sports icons, they were taken to a ticketing page that allowed the user to select tickets and provide payment data. The site also appeared to allow users to establish accounts to buy and sell tickets.

The website design appeared similar to other well-known ticketing sites visitors would be familiar with, increasing the site’s perceived legitimacy.

It is likely the threat actors managing this website were trying to steal money from people attempting to buy or sell Olympics tickets. It’s possible the site also collected personal information from people attempting to purchase tickets, including names, contact information like email and mailing addresses and phone numbers, and credit card details.

The domain is believed to have been primarily distributed via ads in search results. While not observed in widespread email campaigns, the domain was observed in a small number of emails. In some cases, the bad actor sent emails claiming to provide “discounts” on tickets possibly of interest to the recipient. While researchers cannot confirm how the actor obtained the targets’ emails, it is possible the users included their email addresses when they signed up to the website or attempted to purchase tickets.

Fraudsters will always capitalize on current events, and the Olympic Games is no exception. Unsuspecting users likely clicked on the website because it appeared to be a legitimate entity that specialized in the sale of Olympic tickets. The website’s placement on the search engine under the official Paris Olympics ticket site could have further added to its legitimacy, convincing users that they were an authorized and safe source. While this specific domain should no longer be active, we expect other bad actors to take advantage of the event and create new fraudulent Olympics-related websites.

The only way to get tickets for the Paris 2024 Olympic and Paralympic Games is through the organization’s official ticketing website.

Also readAchieving Rapid Outcomes with AI-Driven Cloud Analytics

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.