Massive Fraud Campaign Uses 700+ Domains to Scam Olympic Games Ticket Buyers

Introduction

A large-scale fraud operation, dubbed "Ticket Heist," is exploiting over 700 domain names to sell fake tickets for the upcoming Summer Olympics in Paris. This campaign, which appears to predominantly target Russian-speaking users, extends beyond the Olympics to other major sports and music events, posing a significant risk to potential ticket buyers.

Details of the Ticket Heist Campaign

Researchers from QuoIntelligence have been monitoring this fraudulent campaign since late 2023. The operation, which takes advantage of heightened interest in the Olympic Games, uses specific keywords such as "ticket," "Paris", "discount," and "offer" to lure unsuspecting victims to its sites. The initial domains identified in this scheme were ticket-paris24[.]com and tickets-paris24[.]com, both featuring a user-friendly design despite minor spelling and grammar errors likely due to direct translation from Russian to English.

Operation and Domain Analysis

QuoIntelligence's analysis revealed that all 708 domains associated with Ticket Heist are hosted on the same IP address, 179[.]43[.]166[.]54. Each site uses a unique SSL certificate, and the domain names often include specific subdomain patterns such as jswidget, widget-frame, or widget-api. This consistent structure, combined with DNS records and shared JavaScript files, allowed researchers to map the entire network.

The fraudsters behind Ticket Heist registered an average of 20 new domains monthly since 2022, with a notable spike in November 2023, when 50 new domains were created.

Pricing Strategy and Payment Methods

One of the striking aspects of the Ticket Heist operation is the inflated pricing of the fake tickets. For example, tickets that would typically cost less than EUR 100 on official sites were listed for a minimum of EUR 300 on the fraudulent sites, with some prices reaching up to EUR 1,000. This pricing strategy might be intended to create an illusion of premium access or to mimic scalping operations.

QuoIntelligence's attempt to purchase tickets from one of these sites revealed that transactions are processed through the Stripe payment platform, emphasizing that the goal is to steal money rather than collect credit card information. The fraudulent company behind these transactions, VIP Events Team LLC, was registered in November 2021 and is still active, though it has no presence on public search engines or social media.

Broader Implications and Ongoing Monitoring

The Ticket Heist campaign is not limited to the Olympic Games. It also targets other high-profile events, including the UEFA European Championship and concerts by well-known artists such as Metallica and Bruno Mars. Many of these fraudulent websites are in Russian, further suggesting that Russian-speaking users are the primary targets.

Despite previous warnings about similar scams, the Ticket Heist operation remains active and has not been extensively reported in public research. This indicates that multiple fraudsters are attempting to capitalize on the upcoming Olympic Games.

Protective Measures and Recommendations

To protect against such fraud schemes, it is crucial to implement robust cybersecurity measures, including stolen credentials detection, darknet monitoring services, dark web surveillance, compromised data tracking, and digital footprint analysis. Brand protection and impersonation defense, along with online risk evaluation and digital threat scoring, are essential strategies to mitigate these risks.

Conclusion

The Ticket Heist campaign highlights the persistent and evolving threat of online fraud, particularly in the context of major events like the Olympic Games. As cybercriminals continue to adapt and exploit new opportunities, it is vital for users to stay informed and for organizations to enhance their cybersecurity defenses. By understanding these threats and taking proactive steps, we can better protect ourselves from becoming victims of such sophisticated scams. For more insights and updates on cybersecurity threats, stay tuned to Foresiet's latest reports and analyses.

About Foresiet!

Foresiet is the pioneering force in digital security solutions, offering the first integrated Digital Risk Protection SaaS platform. With 24x7x365 dark web monitoring and proactive threat intelligence, Foresiet safeguards against data breaches and intellectual property theft. Our robust suite includes brand protection, takedown services, and supply chain assessment, enhancing your organization's defense mechanisms. Attack surface management is a key component of our approach, ensuring comprehensive protection across all vulnerable points. Compliance is assured through adherence to ISO27001, NIST, GDPR, PCI, SOX, HIPAA, SAMA, CITC, and Third Party regulations. Additionally, our advanced antiphishing shield provides unparalleled protection against malicious emails. Trust Foresiet to empower your organization to navigate the digital landscape securely and confidently.