Cybercriminals are actively targeting fans of the upcoming Milano Cortina 2026 Winter Olympics through a sophisticated network of fake online merchandise stores. These fraudulent websites are designed to exploit the high demand for official Olympic merchandise, particularly the popular mascot plush toys, Tina and Milo, which are currently sold out on the legitimate Olympics shop. Security researchers have identified nearly 20 newly registered fraudulent domains that closely mimic the official Olympic merchandise store, raising alarms about potential data theft and financial fraud targeting eager fans.
The threat actors behind this scam campaign have created highly polished storefronts that meticulously replicate the authentic shop.olympics.com experience. These fake sites feature promotional videos, background music, and identical product layouts, making them difficult to distinguish from the official store at first glance. Variations in domain names, such as replacing the letter ‘o’ with a zero (e.g., winter0lympicsstore[.]top) or using deceptive extensions (e.g., 2026winterdeals[.]top), are the primary indicators of their fraudulent nature. Malwarebytes researchers detected this global campaign after observing users accessing these malicious domains from various regions, including Ireland, the Czech Republic, the United States, Italy, and China, indicating a widespread and rapidly expanding operation.
Beware of Fake Shops Targeting Winter Olympics 2026 Fans
The urgency and enthusiasm surrounding the Milano Cortina 2026 Winter Olympics have created a fertile ground for cybercriminals. As official merchandise, especially sought-after items like the Tina and Milo plush toys, sells out rapidly, fans are becoming more susceptible to phishing attempts that promise quick access to these popular products. The nearly 20 fraudulent domains identified in the past week demonstrate a coordinated effort to capitalize on this demand. These operations are not rudimentary scams; they are designed with a high degree of sophistication to deceive even discerning shoppers.
Malwarebytes researchers have been tracking this extensive scam campaign, noting the active emergence of additional domain registrations. This suggests that the cybercriminals are continuously expanding their reach and adapting their tactics to evade detection. The security firm is now actively blocking these domains to protect users worldwide from falling victim to this growing threat. The global nature of the detected access points highlights the international reach of these operations.
Scam Operation Tactics and Risks
The fraudulent websites lure victims with deeply discounted prices on items that are unavailable through official channels. For example, the official Tina plush toy, priced at €40 and out of stock, is advertised on these fake sites for just €20, often with accompanying banners claiming significant discounts like “UP & SAVE 80%.” This aggressive pricing strategy is a primary bait to attract unsuspecting Olympic fans who are desperate to purchase the merchandise.
However, the malicious objectives of these fake Olympic shops extend far beyond simply taking payment without delivering products. Threat actors actively harvest sensitive payment card details entered by victims during the checkout process. In addition to financial information, these sites also collect personal data such as names, addresses, email addresses, and phone numbers. This information is often used for subsequent phishing attacks and identity theft purposes, potentially leading to further cybercriminal activities.
Following a fraudulent transaction, victims may receive carefully crafted phishing emails designed to extract additional sensitive information or login credentials. Some scammers are also known to distribute malware through fake order confirmations or malicious tracking links sent to victims. These links can compromise the victim’s devices and network security, leading to more severe data breaches.
Security experts strongly advise consumers to purchase merchandise exclusively from the official shop.olympics.com website. They recommend typing the address directly into the browser and bookmarking it for future use to avoid accidentally navigating to fraudulent sites. Shoppers should exercise extreme caution and avoid clicking on links from advertisements, social media posts, or unsolicited emails, particularly those offering unbelievable discounts on sold-out items. A thorough inspection of domain names for suspicious characters, unusual extensions, or extra hyphens is crucial before completing any online purchase.
The ongoing efforts by cybersecurity firms to identify and block these fraudulent domains represent a critical defense against these emerging threats. However, the continuous emergence of new domains indicates that vigilance from consumers remains the most effective first line of defense. Fans eager to acquire official Milano Cortina 2026 Winter Olympics merchandise should prioritize security and verify the legitimacy of online stores before making any purchases, especially with the event’s popularity drawing increased attention from cybercriminals.