A Slippery Slope: Beware of Winter Olympics Scams and Other Cyberthreats

It's snow joke – major sporting events like the Winter Olympics are a magnet for cybercriminals. As Milano-Cortina 2026 approaches, a combination of global brand awareness and an extensive digital footprint makes the games a popular target for opportunistic scammers. Here's how to make sure you're not on the losing side.

A History of Olympic Cyberthreats

Cybercriminals have been capitalizing on the Olympics for years. Fake ticketing sites proliferated during the Beijing 2008 Summer Olympics. During Pyeongchang 2018, state-aligned threat actors disrupted the games using wiper malware that shut down Wi-Fi hotspots and TV feeds, crippling the back-end servers of the games' official app. Hacktivists also see the Olympics as a perfect opportunity to draw attention to their causes.

What to Watch Out For

As the world prepares for Milano-Cortina 2026, sports fans should be alert for various threats during the lead-up and the 16 days of competition:

Phishing Attempts

Unsolicited emails, texts, or social media messages impersonate official organizers, sponsors, or third parties. These attempts try to trick you into entering personal and financial information or clicking malicious links that result in silent malware installation.

Examples include:

- Free streaming links that lead to malware delivery or credential theft
- Special prize draws and 'last chance offers' for tickets
- Alerts about cancelled tickets or payment issues

Fake Olympics Sites

E-commerce sites purporting to sell official tickets, travel, and accommodation may look legitimate but just want your money or card details. Your purchase doesn't exist. Scammers also put fake listings on genuine sites and marketplaces like Airbnb, eBay, and Facebook Marketplace.

Free and Illegal Streaming Sites

Sites offering free video content from the games could be hotbeds of malware hidden in links, plugins, and files. Video overlay ads often aren't just minor inconveniences—many are malicious and redirect you to dangerous websites or trigger unwanted malware downloads.

Fake Apps

Mobile apps masquerading as official Winter Olympics apps may actually contain infostealing malware or other threats. Such malicious apps are mainly found on third-party app stores.

SEO Poisoning

Scammers pay for sponsored ads or use SEO techniques to place malicious websites at the top of search results. These may trigger drive-by downloads or attempt to obtain your personal information.

Support Scams

If you complain on social media about issues with flights, hotels, or tickets, fraudsters may pose as 'official support.' They don't want to help—they want your personal, financial, and booking information.

Fake Employment Scams

Look out for bogus opportunities to join the Olympics as a volunteer or paid worker. These are designed to harvest your personal information or trick you into paying upfront 'fees' to process your details.

AI-Powered Scams

Fraudsters increasingly use AI-powered tools to generate phishing websites and messages at scale in flawless local languages. They create realistic audio and video designed to influence decision-making. Watch out for deepfake videos of famous athletes soliciting donations for fake charities or 'training funds.'

QR Code Phishing (Quishing)

If you're at the event, beware of quishing attempts. QR codes posted at events may lead to phishing sites and malware downloads. This tactic blends physical and digital threats to steal payment details or personal information. It's particularly effective because it doesn't arouse the same suspicion as phishing URLs, and mobile devices are often less well protected than laptops and desktops.

Public Wi-Fi

If you're at the event, beware of fake and lookalike hotspots designed to capture your personal and financial information.

Staying Safe from Winter Olympics Scams

To stay safe online, stick to official Winter Olympics sites and don't engage with unsolicited messages and too-good-to-be-true deals. More specifically:

Official Sources Only

- Tickets: Only buy from tickets.milanocortina2026.org or hospitality.milanocortina2026.org. Event organizers have not authorized resale on third-party ticketing sites.
- Merchandise: Stick to shop.olympics.com for official merchandise.
- Streaming: Avoid pirated streaming services. Only visit sites hosted by official broadcasters, including NBCUniversal (US), BBC (UK), and Warner Bros Discovery (Europe).

Best Practices

- Never trust too-good-to-be-true deals in unsolicited messages
- Avoid clicking links or opening attachments in unsolicited messages, even if they appear legitimate
- Scrutinize listings for red flags, even on legitimate sites. Check reviews, use official in-app messaging, and prioritize sellers with "verified" badges
- Download the official Olympics app for schedules, maps, and digital tickets if attending
- Avoid public Wi-Fi where possible, or use a VPN if necessary. Don't log into high-value accounts like email or online banking on public hotspots
- Avoid scanning QR codes at the event or ones arriving in emails
- Install anti-malware from a reputable vendor to mitigate phishing risks
- Remember that Olympic organizers never ask for money to volunteer or work. Official volunteering sites are at team26.milanocortina2026.org and paid roles at milanocortina2026.intervieweb.it/en/career

TL;DR

- The Winter Olympics attracts cybercriminals with phishing, fake sites, malicious apps, and AI-powered scams
- Historic attacks have disrupted past games, demonstrating serious threat actor interest
- Only buy tickets, merchandise, and streaming from official sources
- Beware of QR code phishing, fake employment offers, and public Wi-Fi threats
- Use anti-malware protection and never engage with unsolicited offers or requests

Source: ESET: A slippery slope: Beware of Winter Olympics scams and other cyberthreats