The Paris Olympics’ Scams That Will Take Center Stage


The adage, “Victory loves preparation,” perfectly captures the essence of the Olympic Games. In addition to outstanding athletic achievements, the world prepared for the less glamorous side of an international event: Paris Olympics scams, including cyber threats and fraud.

Cybercriminals and fraudsters found the Olympics to be a valuable target due to their grandeur and widespread attention. The convergence of millions of spectators, athletes, and officials created an ideal environment for various cyber risks, such as ransomware attacks, phishing scams, and fraudulent ticket sales.

Paris Olympics’ Scams to Watch For

Fake Tickets

As we predicted, there has been a significant surge in phishing domains and websites aiming to exploit the heightened interest in the event. Cybercriminals exploited this opportunity by setting up fraudulent websites that deceived and stole from unsuspecting individuals.

One example is the website “paris24tickets[.]com,” which sells fake tickets. Multiple users have reported that tickets purchased at a lower price from this site were later cancelled by the website owners, leaving buyers with no tickets and a monetary loss.

Fake Olympics Ticket Selling Website

Travel Scams

Also as predicted, the Paris 2024 Olympics brought a surge of travel scams. A notable example is “2024hotels[.]com,” which has been publishing fake hotel listings that lead to false bookings.

Fake Hotel Reservation Sites

Bolster researchers also observed multiple APK files shared on third-party websites, as well as fraudulent websites impersonating hotel reservation mobile apps that automatically download APK files (possibly loaded with infostealers) onto the visitor’s system.

One such example is “hxxps://expedia-hotels-flights-and-cars[.]apk[.]cafe/landvo/v1”.

IOC

Domain: hxxps://expedia-hotels-flights-and-cars[.]apk[.]cafe/landvo/v1
Serving IP: 193[.]42[.]111[.]101
Package Name: com.expedia.bookings
MD5 Hash: 3e821c778815b75f3a64a08f503a6776
File Type: Android

Deep Fake Video Scam

Russian threat actor group “Storm-1679” produced a fraudulent documentary titled “Olympics Has Fallen,” using an AI-generated voice-over of Tom Cruise to criticize the leadership of the IOC [International Olympic Committee].

This group, alongside Storm-1099, also fabricated fake news articles and deceptive videos, falsely attributing them to reputable sources such as Le Parisien and France24.

These materials falsely allege that the Paris Olympics will face extensive violence and terrorist threats.

Fake AI-Generated Movie Promoted Against Olympics [Source]

Fake Volunteer Mails

Scammers have sent fake volunteer emails from “volontaires@info-jeux2024[.]paris[.]fr,” targeting individuals eager to participate in the Paris 2024 Olympics. These fraudulent emails promise volunteer opportunities but ultimately aim to steal personal information and often money from unsuspecting recipients.

Fake Volunteer Mail [Source]

Cyber Attacks in France

1. DDoS

Ahead of the Olympics, multiple French government bodies suffered massive DDoS attacks that took infrastructure and services down. Critical systems went offline, affecting everything from public services to communication networks.

Several hacktivist groups, including Anonymous Sudan, LulzSec, and others, publicly claimed responsibility for these attacks. They have been actively calling for volunteers to join their efforts on their Telegram channels, amplifying the scale and impact of their cyber onslaughts.

DDoS Attack towards the French Government Organizations

2. Data Breaches

Hacktivist groups like Anonymous Sudan and LulzSec have been using hashtags #opfrance and #fuckfrance to spearhead their campaign against the Paris 2024 Olympics. These hashtags have helped mobilize supporters and amplify their message across social media platforms.

A notable example of their disruptive activities was the recent attack on the French Olympic Games website, which resulted in a data breach compromising 3,000 lines of personally identifiable information (PII).

Data Breach

Domains Analysis

Bolster researchers analyzed domain registrations from January 2024 until July 2024, using the top three keywords, “Paris,” “Olympics,” and “2024,” to understand the trends surrounding the Paris 2024 Olympics.

An examination of the data showed noteworthy patterns in online behavior. The number of domains with “Paris” increased significantly, rising by more than 1,800% from January to July.

Similarly, “Olympics” domains had a sharp surge that peaked in May at an increase of almost 1,100% since January. The number of domains with “Paris” and “2024” remained modest, reaching a peak in May. The combination of “2024” and “Olympics” showed a similar pattern.

On the other hand, domains that included “Paris” and “Olympics” increased steadily, by almost 1,042% from January to July, suggesting deliberate attempts to take advantage of the event’s fame.
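
The keyword tally described above can be reproduced on any feed of newly registered domains. The Python sketch below is an added example, not Bolster's tooling: the sample records, the .example names and all function names are constructed for illustration, and keywords are matched as plain substrings of the hostname.

```python
import re
from collections import Counter

KEYWORDS = ("paris", "olympics", "2024")  # the three keywords the article tracked

# Constructed sample of (registration month, defanged name); not real data.
SAMPLE = [
    ("2024-01", "paris-bakery[.]example"),
    ("2024-01", "olympics-fans[.]example"),
    ("2024-05", "paris-tickets[.]example"),
    ("2024-05", "paris2024-hotels[.]example"),
    ("2024-05", "olympics-paris-shop[.]example"),
    ("2024-05", "olympics2024-live[.]example"),
    ("2024-07", "paris-olympics-tickets[.]example"),
    ("2024-07", "hxxps://paris-rooms[.]example/book"),
    ("2024-07", "parisolympics2024[.]example"),
    ("2024-07", "unrelated-shop[.]example"),
]

def refang(indicator):
    """Reduce a defanged indicator (hxxps://, [.]) to a lowercase hostname."""
    host = indicator.strip().replace("[.]", ".")
    host = re.sub(r"^h(xx|tt)ps?://", "", host, flags=re.IGNORECASE)
    return host.split("/")[0].lower()

def keywords_in(indicator):
    """Set of tracked keywords that appear anywhere in the hostname."""
    host = refang(indicator)
    return frozenset(k for k in KEYWORDS if k in host)

def monthly_counts(records, required):
    """Registrations per month whose name contains every keyword in `required`."""
    counts = Counter()
    for month, name in records:
        if set(required) <= keywords_in(name):
            counts[month] += 1
    return dict(counts)

def pct_increase(counts, start, end):
    """Percent change from `start` to `end`; None when the baseline is zero."""
    base = counts.get(start, 0)
    if base == 0:
        return None  # growth from a zero baseline is undefined; report it separately
    return (counts.get(end, 0) - base) / base * 100

if __name__ == "__main__":
    for combo in (("paris",), ("olympics",), ("paris", "olympics")):
        c = monthly_counts(SAMPLE, combo)
        print(combo, c, pct_increase(c, "2024-01", "2024-07"))
```

A keyword combination with no registrations in the baseline month returns None rather than a percentage, which is worth surfacing on its own because it marks names that only began appearing as the event approached.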


Impact & Mitigation

Impact: Data breaches have compromised thousands of lines of personally identifiable information (PII), exposing individuals to identity theft and further cyber-attacks.
Mitigation: Raise awareness of the official platforms and reseller platforms among the general public, especially those traveling from outside Paris, to cut down the victim rate.

Impact: Massive DDoS attacks by hacktivist groups have disrupted essential government services and communication networks, hindering Olympic preparations and public services.
Mitigation: Implement robust cybersecurity measures, including advanced DDoS protection, real-time network monitoring, and regular security audits, to detect and mitigate potential threats promptly.

Impact: Financial and reputation loss.
Mitigation: Research before downloading any application from third-party platforms or entering card details when reserving accommodation or tickets.

Conclusion

With the start of the Paris Olympics 2024, the cyber threat landscape has become increasingly volatile. There has been a significant surge in phishing domains and websites exploiting the event’s popularity.

Using hashtags such as #opfrance and #fuckfrance, hacktivist groups are leading campaigns against the Olympics, causing significant disruptions to infrastructure and services.

The rise in phishing domains, travel scams, and coordinated attacks highlights the urgent need for enhanced cybersecurity measures. Maintaining vigilance and implementing proactive defences are essential to protect against these evolving threats and ensure the safety and security of the Paris 2024 Olympics.