Cybercriminals have launched a sophisticated campaign aimed at deceiving fans of the Milano Cortina 2026 Winter Olympics. They are using a network of fraudulent online stores to capture payment information and personal data from unsuspecting shoppers.
Proliferation of Fake Sites
The scammers exploit high demand for official Olympic merchandise, particularly the popular Tina and Milo plush toys, which are out of stock in legitimate stores. Within the past week, nearly 20 fake domains have surfaced, mimicking the official Olympic merchandise website with remarkable precision to trick eager buyers.
These counterfeit sites are not quickly assembled scams. They feature highly polished interfaces that replicate the authentic shop.olympics.com experience, complete with promotional videos and identical layouts. The main distinction lies in the domain names, which use variations like 2026winterdeals[.]top and olympics-sale[.]shop, often with subtle character substitutions that are hard to spot.
Global Impact and Detection
Researchers at Malwarebytes have identified this global campaign through telemetry data showing users accessing these malicious domains from regions like Ireland, the Czech Republic, the United States, Italy, and China. The security team continues to detect new domain registrations, indicating the scammers’ rapid expansion. Malwarebytes has taken measures to block these domains, aiming to protect users worldwide from this growing threat.
These fraudulent sites entice victims with deep discounts on in-demand items. While the official Tina plush toy costs €40 and is unavailable, the fake shops offer it for just €20, claiming “UP & SAVE 80%.” Such aggressive pricing is designed to lure Olympic fans desperate to purchase the merchandise for themselves or their children.
Protecting Against Scam Tactics
The operations of these fake Olympic shops are multifaceted, extending beyond merely taking payments without delivering products. They collect payment card details and personal information, which are then used in further cyberattacks. Many victims receive phishing emails aimed at extracting more sensitive data, and some even face malware distributed through fake order confirmations or malicious tracking links.
Security experts urge consumers to buy merchandise only from the official shop.olympics.com by directly entering the URL into their browser and bookmarking it. Shoppers should avoid clicking on links from ads, social media, or unsolicited emails, and be wary of extreme discounts on officially sold-out items. It is crucial to examine domain names for suspicious signs before making any online purchases.
Stay informed on the latest cybersecurity threats by following us on Google News, LinkedIn, and X. Set CSN as your preferred news source in Google for more instant updates.
