As the upcoming 2024 Summer Olympic Games in Paris approach, cybercriminals are starting to launch campaigns aimed at stealing money or personal information, according to a report from Bitdefender.

These tactics include fake lotteries and deals for Olympic tickets and accommodations, often using popular brands like Coca-Cola, Microsoft, Google and the World Bank to appear legitimate.

The Paris 2024 Olympics will need to contend with a sophisticated array of cyberthreats, ranging from credential theft and malware to DDoS attacks and state-sponsored disinformation campaigns.

The integration of AI in cyberthreats is expected to grow, with cybercriminals using deepfakes and AI-generated content in social engineering attacks and scams. The report surfaces as the cyberthreat landscape surrounding major events has become more complex, with evolving ransomware tactics, particularly through ransomware-as-a-service (RaaS), state-sponsored activities, supply chain vulnerabilities and AI-driven attacks.

State-sponsored cyber operations driven by geopolitical tensions are expected to remain active and exploit global events, including the Olympics through cyber espionage, sabotage and disinformation campaigns.

Volume of Scams Likely to Escalate

Alina Bizga, Security Analyst at Bitdefender, warned these scams are likely to escalate, potentially leading to Wi-Fi traffic interception and criminals posing as fake officials. She explained the most concerning finding from the research is spikes in Olympics-themed scams, especially fake giveaways, lotteries and sweepstakes targeting personal information and money. “These scams leverage the high global interest in the Olympics, leading to an increase in spam that exploits user excitement and sneaks into inboxes alongside legitimate marketing lures,” she said.

This surge can overwhelm email systems and make it difficult for recipients to distinguish legitimate communications from scams, increasing the risk of personal data theft and financial loss. “These campaigns don’t just threaten the integrity of the games but also the security of millions of global spectators,” Bizga added.

The Paris Olympics are a prime target for cybercriminals from multiple perspectives, with increased online activity creating a fertile ground for phishing campaigns and deceptive messages that promote fraudulent giveaways, products or services.

Monique Becenti, director at Zimperium, said the use of trusted brands like Coke, Microsoft and Google in scams is highly concerning. “This tactic increases the success rate of these scams,” she explained.

The potential for these campaigns to evolve into more severe threats, such as Wi-Fi traffic interception and impersonation scams, highlights the urgent need for robust mobile security to protect personal information and financial data. From digital transactions, buying tickets and booking flights and accommodation to live streaming services and social media engagement, scammers will have countless opportunities to target individuals.

“The global visibility and high transaction volume make the Olympics a prime target,” Becenti said. “The excitement lowers people’s guard, increasing the risk of scams.”

Bizga explained the potential victim pool is also vast and diverse, and given the international audience and language barriers, that can potentially make it easier for scammers to succeed in their schemes. From her perspective, the Paris Olympics presents a unique set of cybersecurity challenges that require a coordinated and comprehensive approach from both the Olympic Committee and the host country.

“They must share in the responsibility of ensuring the digital safety of athletes, spectators and officials,” she said.
She explained the International Olympic Committee (IoC), alongside the French government, has the formidable task of setting comprehensive cybersecurity standards and frameworks that all stakeholders must stick to. These include policies for data protection, incident response and securing critical infrastructure such as transportation, energy and communication networks.

Race to Defend Against Threats

Abu Qureshi, threat intelligence lead at BforeAI, explained cyberthreats and malicious infrastructure campaigns have evolved significantly around major global events like elections, cultural celebrations and sporting events – exploiting the heightened public interest and online activity.

“Cybercriminals employ event-themed phishing, impersonation and typosquatting to deceive users, creating fake websites and fraudulent domains to steal credentials or distribute malware,” he said. “The old tactics still work.”
He noted they also use social media and compromised event platforms to distribute malicious campaigns. Qureshi said to defend against these threats, stakeholders should prioritize cybersecurity awareness training for all involved, employ strong cyber hygiene, ensure MFA and secure communication channels and conduct security audits of digital assets.

Businesses and organizations operating at or around the Olympic events (on-site or virtually) should also install protections to prevent brand and phishing-based attacks preemptively. “Collaboration with cybersecurity authorities and law enforcement is crucial for reporting incidents promptly and staying informed about emerging threats, ensuring comprehensive protection during the event,” he added.