Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets
2024-07-10 10:33

A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris.

Researchers analyzing the campaign call it Ticket Heist. They found that some of the domains were created in 2022 and that the threat actor kept registering an average of 20 new ones every month.

QuoIntelligence monitored specific keywords used in newly registered domains and discovered operation Ticket Heist, which relies on 708 domains hosting convincing websites that claim to sell valid tickets and provide accommodation options for the Olympic Games in Paris.

The user interaction that the Ticket Heist operators created for visitors appears legitimate and encourages engagement with the site and ticket selection.

Analyzing the infrastructure behind the Ticket Heist operation, the researchers discovered that all the fraudulent domains were hosted at the same IP address, 179[.]43[.]166[.

Currently, 98% of the domains linked to Ticket Heist are considered clean of malware by crowdsourced analysis services, which supports the theory that the objective is to steal directly from victims through a legitimate payment service.


News URL

https://www.bleepingcomputer.com/news/security/ticket-heist-fraud-gang-uses-700-domains-to-sell-fake-olympics-tickets/