Europe connect

Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites

Share with your network!

What happened

Proofpoint recently identified a fraudulent website purporting to sell tickets to the Paris 2024 Summer Olympic Games. The website “paris24tickets[.]com” claimed to be a “secondary marketplace for sports and live events tickets.” It was notably listed as the second sponsored search result on Google, after the official website, when searching for “Paris 2024 tickets,” and related searches. Proofpoint confirmed with official sources in France that the site was fraudulent. Proofpoint’s Takedown Team worked with the registrar to suspend the domain quickly after its initial discovery.

The site was just one of many. According to the French Gendarmerie Nationale, their efforts in collaboration with Olympics partners have identified 338 fraudulent Olympics ticketing websites. Of these, 51 have been shut down, with 140 receiving formal notices from law enforcement. 

Figure 1

Google result for “Paris 2024 tickets” including the fraudulent domain as a sponsored advertisement. 

On the website identified by Proofpoint researchers, the homepage listed many Olympic events, and if the user clicked on one of the sport icons, they were taken to a ticketing page that allowed the user to select tickets and provide payment data. The site also appeared to allow the user to establish accounts to buy and sell tickets.  

The website design appeared similar to other well-known ticketing sites visitors would be familar with, increasing the perceived legitimacy of the site.  

Figure 2

Fraudulent Olympics tickets website homepage. 

Figure 3

Alleged ticket purchasing page. 

It is likely the threat actors managing this website were trying to steal money from people attempting to buy or sell Olympics tickets. It’s possible the site also collected personal information from people attempting to purchase tickets including names, contact information like email and mailing addresses and phone numbers, and credit card details. 

The domain is believed to have been primarily distributed via ads in search results. While not observed in widespread email campaigns, the domain was observed in a small number of emails. In some cases, the bad actor sent emails claiming to provide “discounts” on tickets possibly of interest to the recipient. While researchers cannot confirm how the actor obtained the targets’ emails, it is possible the users included their email address when they signed up to the website or attempted to purchase tickets.  

Figure 4

Suspicious email directing the recipient to purchase tickets at a “discount.” 

Attribution

Proofpoint does not attribute this activity to a known threat actor.  When investigating this website, Proofpoint researchers identified another website that shared infrastructure and design with the fraudulent Olympics site. This website, seatsnet[.]com, has received hundreds of complaints on various scam reporting websites claiming users never received tickets they paid for. 

Why it matters

Fraudsters will always capitalize on current events and the upcoming Olympic Games is no exception. Unsuspecting users likely clicked on the website because it appeared to be a legitimate entity that specialized in the sale of Olympic tickets.  The website’s placement on the search engine under the official Paris Olympics ticket site could have further added to its legitimacy, convincing users that they were an authorized and safe source. While this specific domain should no longer be active, we expect other bad actors to take advantage of the event and create new fraudulent Olympics-related websites. 

The only way to get tickets for the Paris 2024 Olympic and Paralympic Games is through the organization’s official ticketing website.