sb-nz logo
Story image

Domain fraud rife during PyeongChang Winter Olympics

27 Feb 2018

The 2018 Winter Olympic Games in PyeongChang have been a demonstration of sports prowess, but also malicious activity prowess as cybercriminals do their best to make the most of the chances for fraudulent activity.

According to Proofpoint, it’s not just the PyeongChang Olympics that are attracting criminals, but also the upcoming 2020 Olympics in Tokyo, the 2022 Olympics in Beijing and the 2024 Olympics in Paris.

Proofpoint researchers Harold Nguyen and Roman Tobe have been following domain registrations for each of the events. Since 2010, 105 domains related to pyeongchang2018.com have been registered – and registrations started the same year the official site was registered.

Registration activity of ‘lookalike domains’ started to pick up in 2014, and since the beginning of 2017 at least 20 new suspicious domains have popped up.

Those domains may be used for a variety of purposes, including advertising and monetizing web traffic. Others are used to profit from illegal streaming and paywalls and some are profiting through non-sanctioned ticket sales.

Only three of the 105 domains were legitimate (although unofficial) domains, which are being used for Olympic medal tracking purposes.

One particular site, pyeongchang2018tickets.ru is an unauthorized ticket reseller, which increases risk through the possibility of ticket fraud. The National Olympic Committee lists all authorized ticket resellers by country and has guidelines on reseller requirements.

“Pyeongchang2018live.com is a live-streaming site, which is likely neither official nor legal. It asks for payment in PayPal, indicating a potential scam,” researchers note.

However, more than 35% of domains are ‘parked sites’, which researchers are suspect are being used for cybersquatting or to put up for sale in the future.

Typosquatting is also present in at least one example, pyeongchang2o18.com, where the 0 was substituted for the character o.

Researchers say the statistics seem to be in line with current trends. They explain:

“From January through August 2017, brand-owned defensive domains have fallen while suspicious domains registered by someone other than the brand have grown. In that same time period, suspicious domain registrations rose 20% vs. the year-ago period as brand-owned defensive registrations fell 20%.

While it is too early to tell how many of the Tokyo, Beijing and Paris Olympic domain lookalikes will be used will be used for malicious activity, it is likely that domains such as these will continue to surface.

So far registrations related to ‘tokyo2020’ have reached more than 500, while ‘beijing 2022’ has reached 100 registrations and ‘paris2024’ registrations have reached 200.

“.A sign that brand-owned, unofficial and fraudulent domain registrations need to be persistently monitored for consumer protection and reputational risk,” researchers conclude.

Story image
Video: 10 Minute IT Jams – A glimpse inside a ransomware cell
This is our second IT Jam with SonicWall senior manager of product marketing Brook Chelmo, and in this video Brook walks us through his one-on-one experience with a member of a ransomware cell. More
Story image
NZX, Metservice attacks show Kiwi companies must rethink cyber security
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More