Beware of Winter Olympics scams and other cyberthreats

It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices.

Cybercriminals have always been drawn to major sporting events. A combination of global brand awareness and an extensive digital footprint make them a popular option for opportunistic scammers. And events don’t get much bigger or better known than the Olympics.

Cybercriminals have been looking to capitalize on the Olympics for years – for example, fake ticketing sites proliferated way back during the Beijing 2008 Summer Olympics. Since then, even some state-aligned threat actors have got involved, disrupting the Pyeongchang 2018 games by using wiper malware that shut down Wi-Fi hotspots and TV feeds, and crippled the back-end servers of the games’ official app. Some hacktivists are never far away either, spying a perfect opportunity to draw attention to their cause.

But as the world prepares for Milano-Cortina 2026, what are the most common threats that you should look out for? And how can you stay safe?

What to watch out for

There are various threats that sports fans should look out for in the days leading up to the event, and the 16 days of the games. They include:

Phishing attempts

These are unsolicited emails, texts or social media messages impersonating the official organizers of the games, sponsors or other third parties. Typically, they will try to trick you into entering your personal and financial information, or clicking on malicious links/opening attachments which result in silent malware installation. Examples include:

Free streaming links that lead to malware delivery or credential theft
Special prize draws and ‘last chance offers’ such as tickets to the games
Alerts about cancelled tickets or payment issues

Fake Olympics sites

Some e-commerce sites purporting to sell official tickets, travel and accommodation may look like the real deal. But they just want your money and/or card details. Your purchase does not exist. In some cases, scammers might also put fake listings on genuine sites and marketplaces, like Airbnb, eBay and Facebook Marketplace.

Free and illegal streaming sites

Some sites offer sports fans free access to video content from the games. But these sites could also be a hotbed of malware hidden in links, plugins and files. They’re also full of video overlay ads that aren’t often just a minor inconvenience. Instead, many tend to be malicious and when you click on them, you’ll be redirected to a malicious website or unwittingly download malware on your device.

Fake apps

Mobile apps masquerading as official Winter Olympics apps may actually contain infostealing malware or other threats. Such malicious apps are mainly found on various third-party app stores.

SEO poisoning

Scammers pay for sponsored ads or use SEO techniques to put their malicious websites at the top of search results. They may trigger drive-by-downloads or try to obtain your personal information.

Support scams

If you complain on social media about an issue with your flight/hotel/tickets, fraudsters may jump in posing as ‘official support.’ They don’t really want to help, they just want your personal, financial and booking information.

Fake employment scams

Look out for bogus opportunities to join the Olympics as a volunteer or paid worker. These are usually designed to either harvest your personal information or trick you into paying an upfront ‘fee’ to process your details.

AI-powered scams

Fraudsters are increasingly using AI-powered tools and services to increase their chances of success. They can generate phishing websites and messages at scale in flawless local languages. And they can also create realistic audio and video designed to influence your decision making. Watch out for deepfake videos of famous athletes seeking to solicit donations for fake charities or ‘training funds.’

QR code phishing

If you’re at the event, look out for quishing attempts. QR codes posted at events may actually lead to phishing sites and malware downloads. It’s a favored tactic that blends physical and digital threats to steal your payment details or personal information. It’s particularly effective tactic because it often doesn’t arouse the same level of suspicion among people as, say, phishing URLs. Mobile devices are also often less well protected than laptops and desktops, so there’s more chance of success.

Public Wi-Fi

If you’re out and about at the event, beware of fake and lookalike hotspots designed to capture your personal and financial information.

Staying safe from Winter Olympics scams

To stay safe online, stick to the official Winter Olympics sites and don’t engage with unsolicited messages and too-goo-to-be-true deals. More specifically:

Only buy tickets from https://tickets.milanocortina2026.org/ or https://hospitality.milanocortina2026.org/. The event organizers have not authorized resale on any third-party ticketing sites.
Stick to the official site, shop.olympics.com for merchandise.
Avoid pirated streaming services and only visit sites hosted by the official broadcasters, including NBCUniversal (US), BBC (UK), Warner Bros Discovery (Europe).
Never trust too-good-to-be-true deals in unsolicited messages.
Avoid clicking on links or opening attachments in unsolicited messages, even if they appear to be from legitimate Winter Olympics organizers/sponsors.
Scrutinize listings for red flags, even if they’re on legitimate sites. Check out reviews, always use the official in-app messaging service and prioritize sellers with “verified” badges or similar.
If you’re going to the event, download the official Olympics app for schedules, maps, and digital tickets.
Avoid public Wi-Fi where possible, or use a VPN if you can. If you have to use a hotspot, don’t log in to high-value accounts, such as your email or online banking.
Avoid scanning QR codes at the event, or ones that turn up in emails.
Install anti-malware on your device from a reputable vendor to mitigate the risk of quishing, smishing and email-based phishing.
Remember that the Olympic games organizers never ask for money to volunteer or work there. Official volunteering sites can be found at https://team26.milanocortina2026.org/ and paid roles can be found at https://milanocortina2026.intervieweb.it/en/career.

The XXV Winter Olympic Games in Milano-Cortina is set to be a treat for sports fans around the world. But digital scammers will also be paying close attention. Enjoy the fun, and stay safe.

Source

What's Hot

New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

SolarWinds Web Help Desk Vulnerability Actively Exploited

Chronology of a Skype attack

Drowning in spam or scam emails lately? Here’s why

Children and chatbots: What parents should know

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

North Korean Hackers Exploit Threat Intel Platforms For Phishing

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

Ukrainian Ransomware Fugitive Added to Europe’s Most Wanted

Most Popular