Researchers discover over 700 illicit domains selling fake tickets for Olympic Games

Security researchers have identified 708 domains that are linked to a campaign that’s selling counterfeit tickets for the Olympic Games, a sporting event that’s being held this Summer in Paris.

Threat intelligence partner QuoIntelligence has dubbed this campaign Ticket Heist, which is mainly targeting Russian-speaking sports fans and several Eastern European countries.

Because of the ongoing war in Ukraine, the International Olympic Committee decided in March to ban Russian and Belarusian athletes from participating in the Olympics under their nation’s flags. Because of the polarization in the international landscape QuoIntelligence decided to monitor suspicious online activities regarding the Olympics.

Researchers uncovered a network of 708 fraudulent domains that are selling fake tickets for the Olympics. Some of them have been active since 2022.

Ticket-paris24.com and tickets-paris24.com were the first malicious domains to be discovered by researchers. “Despite minor spelling and grammar mistakes, likely due to direct translation from Russian to English, the website and its user experience were comparable to those of a high-end site,” QuoIntelligence notices.

The design and user experience of the fraudulent websites mimic those of legitimate sites, with only minor differences setting them apart from one another.

What also distinguishes fake and legitimate websites is the pricing. In most cases the prices on fake platforms are higher compared to the official selling points. That’s probably to trick spectators into giving them a premium treatment.

As the sporting event comes closer, the websites are upscaling their activities, luring spectators into buying tickets from unofficial platforms. On average, threat actors have registered 20 new domain names every month since 2022. Last November, an astounding 50 new domain names were registered.

Besides the Olympic Games in Paris, the operators of the Ticket Heist campaign have also tried to seduce unsuspected people to buy tickets for the UEFA European Championship. Additionally, they also tried selling fake tickets for concerts for famous bands and acts like Iron Maiden, Metallica, Rammstein and Bruno Mars.

“The impact of similar campaigns is always multifaceted and difficult to track, as they affect both individuals and organizations,” QuoIntelligence concludes. The threat actor behind the Ticket Heist campaign is directly responsible for financial losses, reputational damage and loss of trust in major events.

The only solution to effectively detect and dismantle fraudulent networks is by monitoring an event.