Hackers are trying to take advantage of people looking to buy and sell tickets for the Paris 2024 Summer Olympic Games with fake sales websites that just steal victim’s money.
In a new report, cybersecurity researchers from Proofpoint said they found a fake website advertising Paris 2024 tickets, and are urging people to be extra careful when shopping for tickets online.
According to the research, the website “paris24tickets[.]com” is fraudulent, as it claims to be a “secondary marketplace for sports and live events tickets,” but all it does is steal people’s money and possibly, sensitive data.
Abusing Google Ads
There are numerous ways a fake website such as this one can hurt people. Besides the obvious – paying for a non-existent ticket – victims can also share sensitive private information, which the hackers can later sell on the black market, or use in phishing attacks themselves.
Making matters even worse, the website comes up as the second sponsored search result on Google, for the “Paris 2024 tickets” query. This means that whoever is behind the attack managed to purchase an ad spot on Google.
Malvertising on Google is nothing new. Hackers would first look for, and compromise, a Google Ads account with multiple ads already running. Then, they would use the funds found on the account to pay for ad space themselves. What’s more, since ads need to go through a vetting process, ads from verified accounts have bigger chances of making it through.
There are now hundreds of fake websites related to the Summer Olympic Games, all looking to take advantage of gullible people in one way or another. Proofpoint said that the French police, French Gendarmerie Nationale, so far found 338 fraudulent ticketing websites.
The Olympic Games are a major sporting event, and as such will be an important target for hackers. The UEFA Euro 2024, the FIFA World Cup Qatar 2022, the 2014 Sochi Winter Olympics, those were all used to either propagate malware, or steal money and data from people.