Dubai, UAE – Leading cybersecurity provider Proofpoint recently identified a fraudulent website purporting to sell tickets to the Paris 2024 Summer Olympic Games. The website “paris24tickets[.]com” claimed to be a “secondary marketplace for sports and live events tickets.” It was notably listed as the second sponsored search result on Google, after the official website, when searching for “Paris 2024 tickets” and related searches. Proofpoint confirmed with official sources in France that the site was fraudulent. Proofpoint’s Takedown Team worked with the registrar to suspend the domain quickly after its initial discovery.

Emile Abou Saleh, Senior Regional Director, Middle East, Turkey, and Africa at Proofpoint, said: “The buzz around mega-events like the Paris Olympics creates a feeding frenzy for cybercriminals. They exploit this excitement with social engineering – a sophisticated psychological manipulation tactic – effectively playing people, not technology. These same tactics fuel Business Email Compromise attacks, where they steal credentials, data, and money. Proofpoint's 2024 State of the Phish report reveals a staggering 19% increase in BEC attacks last year. For fans in the Middle East, where social engineering is a dominant cybercrime weapon, remember to be vigilant and only trust verified sources. Don't let your Olympic dreams turn into a security nightmare.”

The site that Proofpoint’s Takedown Team got suspended was sadly just one of many. According to the French Gendarmerie Nationale, their efforts in collaboration with Olympics partners have identified 338 fraudulent Olympics ticketing websites. Of these, 51 have been shut down, with 140 receiving formal notices from law enforcement.

On the website identified by Proofpoint researchers, the homepage listed many Olympic events, and if the user clicked on one of the sports icons, they were taken to a ticketing page that allowed the user to select tickets and provide payment data. The site also appeared to allow users to establish accounts to buy and sell tickets. 

The website design appeared similar to other well-known ticketing sites visitors would be familiar with, increasing the site's perceived legitimacy.  

It is likely the threat actors managing this website were trying to steal money from people attempting to buy or sell Olympics tickets. It’s possible the site also collected personal information from people attempting to purchase tickets including names, contact information like email and mailing addresses and phone numbers, and credit card details.

The domain is believed to have been primarily distributed via ads in search results. While not observed in widespread email campaigns, the domain was observed in a small number of emails. In some cases, the bad actor sent emails claiming to provide “discounts” on tickets possibly of interest to the recipient. While researchers cannot confirm how the actor obtained the targets’ emails, it is possible the users included their email addresses when they signed up to the website or attempted to purchase tickets.  

Fraudsters will always capitalize on current events, and the Olympic Games is no exception. Unsuspecting users likely clicked on the website because it appeared to be a legitimate entity that specialized in the sale of Olympic tickets.  The website’s placement on the search engine under the official Paris Olympics ticket site could have further added to its legitimacy, convincing users that they were an authorized and safe source. While this specific domain should no longer be active, we expect other bad actors to take advantage of the event and create new fraudulent Olympics-related websites.

The only way to get tickets for the Paris 2024 Olympic and Paralympic Games is through the organization’s official ticketing website.  

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: X | LinkedIn | Facebook | YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Proofpoint media contact:
Sara Seggari
sara.seggari@bpggroup.com