Hackers are trying to take advantage of people looking to buy and sell tickets for the 2024 Summer Olympics in Paris with fake sales websites that only steal the victim’s money.
In a new report, cybersecurity researchers from Proofpoint write said they have found a fake website promoting Paris 2024 tickets, and are urging people to take extra care when buying tickets online.
According to the investigation, the website “paris24tickets(.)com” is fraudulent because it claims to be a “secondary marketplace for tickets to sports and live events” but all it does is steal people’s money and possibly sensitive data .
Abuse of Google ads
There are countless ways a fake website like this can hurt people. Besides the obvious – paying for a non-existent ticket – victims can also share sensitive private information, which the hackers can later sell on the black market or use themselves in phishing attacks.
What makes matters worse is that the website is the second sponsored search result on Google, for the query ‘Paris 2024 tickets’. This means that whoever is behind the attack has managed to buy an advertising spot on Google.
Malvertising on Google is nothing new. Hackers would first look for a Google Ads account that is already showing multiple ads and compromise them. They then used the money in the account to pay for advertising space themselves. Additionally, because ads must go through a vetting process, ads from verified accounts have a better chance of passing.
There are now hundreds of fake websites related to the Summer Olympics, all looking to take advantage of gullible people in one way or another. Proofpoint said the French police, the French Gendarmerie Nationale, have found 338 fraudulent ticketing websites so far.
The Olympic Games are a major sporting event and as such will be a prime target for hackers. The UEFA Euro 2024, the Qatar 2022 FIFA World Cup, the 2014 Winter Olympics in Sochi, all were used to spread malware or steal people’s money and data.