Bitdefender Antispam Lab Warns of Olympics-Themed Phishing Scams (Online Safety Guide Included)

The 2024 Olympic Games in Paris promise to be a thrilling spectacle. Athletes from around the globe will compete in a range of events that will bring together a massive international audience excited to tune in to the celebrations.

However, some are interested in more than just watching one of the most anticipated sporting competitions of the year. Significant events like the Olympics have become a prime target for scammers and cybercriminals who are set to exploit the excitement and attention of the media, online and offline attendees, and even the partner and organizational committees.

Bitdefender Antispam Lab persistently monitors email-based threats to help keep internet users well-informed and mindful of the most recent scam trends and other phishing campaigns targeting sensitive data such as credentials and financial information.

Here’s what we’ve found:

• Olympics-themed spam, which also includes traditional marketing lures and scams, has been steadily flooding user inboxes in the past couple of weeks, according to researchers at Bitdefender Antispam Lab (see Figure 1). We expect that the spam email rate (including marketing and scams) to grow in the coming weeks.

• Top destination of the Olympics-themed spam (by volume)  was received by users in France, Ireland, Germany, the US and Italy (see Figure 2).

• Top source of Olympic Games spam (by volume) was sent from IP addresses in the US and France as seen in Figure 3 below (36 and 35 percentage points). The UK, Poland and China were also among the top sources of spam (by volume) sent during this period.

• Scam campaigns leveraging the 2024 Paris Olympic Games were spotted beginning at the end of May
• Cybercriminals are mainly focused on stealing personal information and money
• At this point, fake giveaways, lotteries and sweepstakes are among the most common Olympics-themed scam trends noticed by our researchers

Our research also taps into the spamvertising trend surrounding the upcoming Olympic Games which can turn into a particularly problematic issue for several reasons:

- High global interest in the Olympics may lead to a surge of spam emails exploiting user interest in the event

- Increased spam volume can overwhelm email systems and make it harder for recipients to distinguish between legitimate communications and scams

- Constant interruptions from spam emails that can decrease user engagement with genuine content

This form of advertising is unsolicited and relies on sending spam emails en masse without the recipient’s consent. The spamvertising business is cheap and gives unscrupulous marketers the opportunity to use harvested email addresses from public sources to target an unlimited number of recipients with minimal cost or effort. Spamvertising also allows spammers to use collected data to create detailed profiles of targeted individuals which can end up in the hands of malicious actors who can then use the data in fraudulent schemes.

Additionally, spamvertising often targets vulnerable individuals including seniors and less cyber-savvy individuals who are, unfortunately, more likely to fall victim to email scams.

The Paris Olympic Games 2024 Lottery Draw is a Sham

Lottery scams have existed since the dawn of the internet, and years of practice have taught fraudsters that these schemes are highly versatile and can be promoted alongside numerous topics (for example, the pandemic). Making matters worse, people still fall for these antiquated schemes.

Bitdefender researchers have spotted multiple Olympic Games-themed lottery scams in the past weeks. Cybercrooks use the names of national lotteries, financial institutions, and big tech giants to lure unsuspecting internet users.

Common impersonated brands include Coca-Cola, Microsoft, Google, the Turkish National Lottery, and the World Bank. The top destinations for this kind of lottery scams include the US, Japan, Germany, France, Australia, the UK and Slovakia

Note: The top destinations for Olympics-themed lottery scams are solely based on the scam samples analyzed below. To date, we’ve noticed that scammers prefer sending lottery scams en masse, writing the body of the emails in English - This doesn’t mean that cybercriminals won’t begin tailoring or localizing future schemes.

Alleged winnings range from $550,000 USD to $850,000 USD, depending on the campaign, and the body of messages is similar to your run-of-the-mill email lottery scam messages, with fraudsters simply adapting the text to suit the event.

As expected, the bogus messages inform recipients that their email address was part of a global lottery draw for the upcoming Paris Olympic Games. The scammers even add fake reference numbers or list the lucky numbers “drawn” in the fictitious lottery.

Other tactics and red flags include:

- Recipients must contact a “representative” via email (this agent has a Gmail account) or phone number

- They are required to provide additional information such as full name, address, age, and phone number

- Typos and uncommon phrasing

Scam samples:

We urge consumers to be aware that these campaigns might be part of a bigger plan, with scammers potentially bombarding inboxes with poorly and more “obvious” scam attempts to verify the validity of their email database and give potential victims a sense of security and self-confidence that they would never fall for such a poorly fashioned email scam.

Use your Visa for a chance to win tickets to the Paris Olympic Games 2024 scam

Cybercriminals are using a different approach in targeting sports fans in Brazil. A campaign impersonating financial service provider Visa baits unsuspecting users with a chance to win tickets to the Olympic Games by entering their CPF number (Cadastro de Pessoas Fisicas).

While the initial message displays plenty of indications of a scam, the cybercrooks did an excellent job in manufacturing a fake visa website.

Customers who take the bait are directed to a page where they are required to enter their CPF number to either register or check their participation.

Here’s what else you can expect in anticipation of the 2024 Paris Olympic Games

1. Phishing Attacks: Cybercriminals may begin sending messages that may appear to be from official Olympic Games partners, asking recipients to click on malicious links or provide personal information.

Example: unsolicited emails may offer last-minute ticket deals to Olympic events to steal your credit card details.

2. Fake Websites and Apps: Threat actors may begin promoting fraudulent websites and mobile apps that mimic official Olympic platforms, tricking users into downloading malware or providing sensitive information.

Example: Cybercrooks may advertise a fake app promising live-streaming of Olympic events that instead serves up credential-stealing Trojans and spyware.

3. Ticket Scams: Scammers may begin peddling counterfeit tickets to Olympic events at inflated or too-good-to-be-true prices.

For example, you may see a website offering heavily discounted tickets that do not exist, costing you time and money.

4. Public Wi-Fi Risks: Public Wi-Fi networks at Olympic venues and surrounding areas can be hotspots for cybercriminals to intercept your data.

Example: Checking your bank account while connected to an unsecured Wi-Fi network can result in a hacker stealing your login credentials.

5. Last-Minute Travel and Hotel Booking Scams: Scammers use fake travel and accommodation deals that lure consumers into paying for services that don’t exist.

Example: You see a great offer for a last-minute hotel deal in Paris at a great price, but after you pay, you discover the booking was fake.

6. Merchandise Scams: Fraudsters create fake ads and platforms to sell counterfeit Olympic merchandise.

Example: You see an ad on social media for an online shop selling fake Olympic Games merchandise, including T-shirts and plushies.

On-Site Scams and Physical Security

1. Pickpocketing and Theft: Crowded places and venues always present an increased risk of physical theft, so keep your valuables secure and be aware of your surroundings.

2. Fake Officials: Scammers might pose as Olympic officials to steal personal information or money. Whenever in doubt, verify the identity of any official by checking credentials and contacting the organization directly.

Staying Safe Online During the Olympic Games

1. Be on the lookout for scams and phishing attempts

Olympics-themed scams may come in the form of emails, social media messages, or fake websites designed to steal your personal information.

Safety tips to avoid scams:

• Verify the source: Only open emails and messages from known senders. If you receive a suspicious message claiming to be from an official Olympic source, verify its legitimacy by checking the official website or contacting the organization directly.
• Look for red flags: Be wary of emails that contain spelling errors, generic greetings, or urgent requests for personal information.
• Do not click on suspicious links: Hover over links to see the actual URL before clicking. If the link looks suspicious or unfamiliar, do not click on it.
• Use a security solution: A trustworthy security solution can protect you from malicious software, phishing attempts and fraud.
• Use dedicated scam detection tools such as Bitdefender Scamio

Use Bitdefender Scamio, our AI-powered tool dedicated to helping you identify and avoid potential scams. When unsure about an email, you can check it with Scamio on WhatsApp, Facebook Messenger, or a web browser for free! Copy/ paste a text or link, describe the situation, and upload the image or the QR code you want to verify. Scamio will analyze the data and tell you if anyone is trying to scam you.  You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.

2. Conduct a password checkup

Use strong and unique passwords for your online accounts to protect against fraud and unauthorized access to information. If you are thinking of creating new accounts specifically for the Olympic games don’t recycle old passwords or use easily guessable ones such like “password123”. “paris2024” or “olympicgames2024”.

Tips for creating strong passwords:

• Use a mix of characters: Combine upper- and lower-case letters, numbers and special characters.
• Avoid common words and phrases: Do not use easily guessable words or personal information like your name,  date of birth or pet’s name.
• Use a password manager: A password manager can help you generate and store complex passwords securely.

3. Be cautious of public Wi-Fi connections

Public Wi-Fi networks, such as those found in cafes, hotels and Olympic venues, can be convenient but are often insecure, allowing threat actors to intercept data transmitted over these networks.

Tips for using public Wi-Fi safely:

• Avoid accessing sensitive information: Do not log into your bank account, email, or other sensitive accounts while on public Wi-Fi.
• Use a VPN: A VPN encrypts and secures your internet connection, protecting your data from prying eyes.
• Turn off file sharing: Ensure file sharing is turned off and your device is not set to connect to nearby Wi-Fi networks automatically.

4. Stay Updated on Cybersecurity Threats

Cyber threats are constantly evolving, and staying informed about the latest scams and security vulnerabilities can help you stay ahead of cybercriminals.

Tips for staying updated:

• Follow reputable cybersecurity blogs and news sources: Bitdefender’s Hotforsecurity blog provides valuable insights and updates on current threats, scams and important industry news.
• Enable automatic updates: Ensure your devices and software are set to update automatically to receive the latest security patches.

5. Use official sources

When looking for any information about the upcoming Olympic Games, such as event schedules, results, or live streams, always use official sources.

Tips for finding official sources:

• Visit the official Olympic website: It will have accurate and up-to-date information.
• Use trusted news outlets: Stick to reputable news organizations for updates and events’ coverage.
• Download official apps: If you’re using a mobile app to follow the Games, make sure it’s the official app recommended by event organizers.