Threat Actors Use Fake Shops to Target Winter Olympics 2026 Fans
Key Takeaways Cybercriminals are exploiting interest in the Winter Olympics 2026 by establishing fraudulent online stores. These fake shops offer nonexistent merchandise, such as the popular Tina...
Key Takeaways
- Cybercriminals are exploiting interest in the Winter Olympics 2026 by establishing fraudulent online stores.
- These fake shops offer nonexistent merchandise, such as the popular Tina plush toy, at heavily discounted prices to entice unsuspecting fans.
- The primary objective extends beyond non-delivery of goods; threat actors are harvesting payment card details and personal information for future cyberattacks and distributing malware.
- Security firms like Malwarebytes are actively blocking these malicious domains.
A burgeoning network of fraudulent online storefronts is targeting enthusiasts of the upcoming Winter Olympics 2026, according to recent security intelligence. These sophisticated scam operations are rapidly expanding their digital footprint through new domain registrations, prompting security vendors like Malwarebytes to implement global blocking measures to protect users from falling victim.
Table Of Content
The deceptive websites are designed to ensnare consumers by advertising highly sought-after, often officially unavailable, merchandise at substantial markdowns. For instance, the official Tina plush toy, which retails at €40 and is currently out of stock through legitimate channels, is being promoted on these fake platforms for just €20. Banners prominently display claims such as “UP & SAVE 80%,” creating an irresistible lure for Olympic fans eager to acquire popular souvenirs for themselves or as gifts.
Scam Operation Tactics
The architects behind these sham Olympic shops pursue objectives far more malicious than merely collecting payments for undelivered products. Threat actors are actively engaged in harvesting sensitive financial and personal data. During the checkout process, victims unwittingly provide payment card details, along with their names, physical addresses, email addresses, and phone numbers. This trove of personal information is then stockpiled for deployment in future phishing campaigns and other cyberattacks.
Many individuals who fall prey to these schemes subsequently receive targeted phishing emails. These follow-up communications are meticulously crafted to extract further sensitive information or login credentials, extending the scope of the initial compromise. In some instances, the scammers escalate their attacks by distributing malware. This often occurs through malicious links embedded in fake order confirmations or fraudulent tracking updates sent to victims post-purchase, further jeopardizing their devices and network security.
What You Should Do
- Always purchase official merchandise directly from the legitimate website, shop.olympics.com. Type the URL into your browser manually and bookmark it.
- Be extremely wary of unsolicited links. Avoid clicking on advertisements, social media posts, or emails that claim to offer Olympic merchandise.
- Exercise skepticism regarding extreme discounts, especially on items that are officially sold out or in high demand. Such offers are a common tactic for fraudulent sites.
- Before making any purchase, meticulously inspect the domain name for anomalies. Look for suspicious top-level extensions, extra hyphens, misspellings, or subtle character substitutions that indicate a fake site.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.