editorially independent. We may make money when you click on links
to our partners.
Learn More
As excitement builds at the Milano Cortina 2026 Winter Olympics, cybercriminals have launched convincing fake merchandise stores to steal payment details and personal data from eager fans.
The campaign focuses heavily on high-demand mascot items that are sold out on the official site.
In the “… past week alone, we’ve identified nearly 20 lookalike domains designed to imitate the official Olympic merchandise store,” said Malwarebytes researchers.
They added, “The sites use the same polished storefront template, complete with promotional videos and background music designed to mirror the official shop.olympics.com experience.”
How Fake Olympic Shops Trick Fans
This campaign illustrates how rapidly threat actors mobilize around high-profile global events to build scalable fraud infrastructure.
According to Malwarebytes, nearly 20 lookalike domains surfaced within just one week, targeting Winter Olympics fans across multiple regions.
Telemetry data showed users accessing the malicious sites from Ireland, the Czech Republic, the United States, Italy, and China, pointing to a coordinated operation with international reach rather than isolated opportunistic scams.
Inside the Lookalike Storefronts
The fraudulent sites are engineered to closely mirror the official Olympic merchandise store.
Attackers clone the layout, product listings, promotional banners, and even multimedia elements from shop[.]olympics[.]com, creating polished storefronts that appear authentic at first glance.
The visual experience is nearly identical to the legitimate site, lowering suspicion and increasing the likelihood that visitors proceed to checkout.
Typosquatting and Lookalike Domains
The most noticeable difference is in the domain names.
Researchers identified variations such as 2026winterdeals[.]top, olympics-sale[.]shop, and winter0lympicsstore[.]top — where the letter “o” is replaced with a zero.
Other domains rely on extra hyphens or uncommon top-level domains like “.top” and “.shop.”
Pricing serves as a primary lure. While the official Tina plush toy is listed at €40 and currently out of stock, the fake sites advertise it for as little as €20, often accompanied by banners promoting “UP & SAVE 80%.”
The combination of scarcity and deep discounts creates urgency, encouraging impulsive buying behavior.
From Fake Store to Data Theft
At its core, the campaign relies on social engineering and brand impersonation rather than technical exploitation.
By replicating legitimate branding and storefront infrastructure, attackers reduce skepticism and capture sensitive information during checkout.
Victims who submit payment details risk more than financial loss.
The researchers report that threat actors harvest names, addresses, email addresses, and phone numbers for follow-on phishing campaigns.
In some cases, victims receive fraudulent order confirmations or malicious tracking links that may deliver malware, further compromising their devices.
The effectiveness of these operations stems from their realism. Automation and AI-assisted tools allow criminals to quickly generate convincing, multilingual storefronts at scale, eliminating many of the obvious errors that once signaled fraudulent sites.
As a result, distinguishing legitimate online stores from sophisticated fakes has become more difficult for everyday consumers.
How Organizations and Consumers Can Reduce Risk
High-profile global events create predictable spikes in fraud, requiring both organizations and consumers to take proactive precautions.
Brand impersonation campaigns can scale quickly, making early detection and rapid response essential for limiting impact.
Retailers, event organizers, and security teams should align monitoring and takedown efforts with anticipated demand surges, while reinforcing protections across email, advertising, and social channels.
At the same time, consumers must exercise caution when purchasing high-demand merchandise online.
The following steps outline practical measures to reduce exposure on both sides of the transaction.
Organizations can mitigate risk by:
- Proactively monitor for domain impersonation, typosquatting, certificate registrations, and fraudulent paid ads tied to your brand, and pre-register high-risk domain variations where possible.
- Coordinate rapid takedowns with hosting providers, registrars, ad platforms, and payment processors to disrupt fraudulent storefronts and cut off monetization channels quickly.
- Strengthen email and brand protections by enforcing DMARC, DKIM, and SPF, and by publishing clear warnings on official websites about known scam domains.
- Expand threat intelligence and social media monitoring to detect emerging scam infrastructure, fake promotions, and impersonation campaigns early.
- Increase monitoring during major events by aligning SOC coverage, fraud detection, and brand protection efforts with anticipated demand spikes.
- Regularly test incident response plans through tabletop exercises that simulate large-scale brand impersonation, payment fraud, and customer data harvesting scenarios.
Consumers can reduce risk by:
- Purchase merchandise only from the official website by typing the URL directly into the browser and bookmarking it for future use.
- Carefully inspect domain names for unusual extensions, extra hyphens, or subtle character substitutions, and avoid clicking links from ads or unsolicited emails.
- Be skeptical of extreme discounts on items that are officially sold out, as scarcity combined with heavy markdowns is a common scam tactic.
- Use secure payment practices such as virtual card numbers, transaction alerts, and browser security tools to reduce exposure if a site turns out to be fraudulent.
By combining proactive brand protection, coordinated response efforts, and informed consumer behavior, both organizations and individuals can reduce the risk of falling victim to event-driven scam campaigns.
As the Milano Cortina 2026 Games continue, similar scams are likely to increase in volume and sophistication, particularly around high-demand merchandise and ticket sales.
The combination of global brand recognition, limited availability, and emotionally driven purchases creates an ideal environment for fraud.
As event-themed scams grow more sophisticated, security teams must also prepare for other threats such as AI-generated deepfakes that can further amplify impersonation and fraud campaigns.
