Ticket Heist network of 700 domains sells fake Olympic Games tickets
A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris.
The operation offers fake tickets to the Olympic Games and appears to take advantage of other major sports and music events.
Researchers analyzing the campaign call it Ticket Heist. They found that some of the domains were created in 2022 and that the threat actor kept registering an average of 20 new ones every month.
Overpriced fake Olympic Games tickets
In late 2023, researchers at threat intelligence company QuoIntelligence noticed increased conversation about the Olympic Games in Paris scheduled to start this July 26th.
Because the event has always been used for geopolitical influence, and because of the International Olympic Committee’s decision to ban Russian and Belarusian athletes from participating under their country flag, researchers kept monitoring the topic and looked for suspicious activity online.
QuoIntelligence kept an eye on specific keywords (e.g. ticket, Paris, discount, offer) used in newly registered domains and discovered operation Ticket Heist, which relies on 708 domains hosting convincing websites that claim to sell valid tickets and provide accommodation options for the Olympic Games in Paris.
The first such domains discovered were ticket-paris24[.]com and tickets-paris24[.]com, the latter being a clone of the first.
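The keyword monitoring of newly registered domains described above can be sketched as follows. This is an added example, not QuoIntelligence's tooling: the two-keyword threshold, the clone-grouping rule and the sample feed (apart from the two domains named in the article) are assumptions.

```python
import re
from collections import defaultdict

# Keywords named in the article; threshold and feed below are assumptions.
KEYWORDS = ("ticket", "paris", "discount", "offer")
MIN_HITS = 2  # assumed: require two distinct keywords to cut noise

def first_label(domain):
    """Lowercase, undo defanging for matching only, return the first label.
    Assumes the feed lists registrable domains (no subdomains)."""
    return domain.strip().lower().replace("[.]", ".").split(".")[0]

def keyword_hits(domain):
    """Return the set of watched keywords found in the domain label."""
    label = first_label(domain)
    return {kw for kw in KEYWORDS if kw in label}

def cluster_key(domain):
    """Normalise a label so near-clones (plural, digits, word order) collide."""
    tokens = re.findall(r"[a-z]+", first_label(domain))
    stems = [t[:-1] if t[:-1] in KEYWORDS else t for t in tokens]
    return "-".join(sorted(stems))

def triage(feed):
    """Group flagged domains from a newly-registered-domain feed by cluster.
    Domains are reported exactly as received (still defanged)."""
    clusters = defaultdict(list)
    for domain in feed:
        if len(keyword_hits(domain)) >= MIN_HITS:
            clusters[cluster_key(domain)].append(domain)
    return dict(clusters)

# Constructed sample feed: the first two names are from the article,
# the rest are made-up entries for illustration.
SAMPLE_FEED = [
    "ticket-paris24[.]com",
    "tickets-paris24[.]com",
    "paris-bakery.example",
    "offer-of-the-day.example",
    "discount-tickets-paris.example",
]

if __name__ == "__main__":
    for key, members in triage(SAMPLE_FEED).items():
        print(key, members)
```

Single-keyword names are dropped, and the two domains from the article land in the same cluster, which is the cue to review them together as likely clones.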
The user interaction that the Ticket Heist operators created for visitors appears legitimate and encourages engagement with the site and ticket selection.
In a report today, the researchers say that the same UI framework is present across all websites related to Ticket Heist, with only minor variations in content and language making the difference between the fraudulent websites.
Apart from the design of the websites, what stands out in the scheme is the price of the fake tickets offered. QuoIntelligence notes that the prices are inflated compared to the legitimate ones.
“For example, a random event and seat location on the official website could cost less than EUR 100, whereas the same tickets and locations on the fraudulent websites were priced at a minimum of EUR 300, often reaching EUR 1,000” – QuoIntelligence
QuoIntelligence threat researcher Andrei Moldovan said that while there is no confirmation, the higher prices could be part of a trick to make victims believe they get “premium treatment” for the extra money since the tickets are not available through the official distribution channels.
Alternatively, a higher price could also make victims believe that it’s a scalping operation that takes advantage of the shortage of tickets.
While trying to test their theories about the objective of Ticket Heist and to gather information that could lead to who is behind it, QuoIntelligence attempted a purchase from one of the fraudulent websites.
They found that all transactions are carried out through the Stripe payment processing platform and the money is transferred only when the card has sufficient funds.
This means that the operator’s goal is not to collect credit card information but to steal money from the victim.