The excitement surrounding the Milano-Cortina 2026 Winter Olympics has given cybercriminals a new opportunity to trick fans.
The adorable stoat mascots, Tina and Milo, have become international sensations especially their official 27 cm plush version, which quickly sold out on the official Olympic web store.
Unfortunately, this surge in demand has attracted scammers exploiting the global hype to run fraudulent shopping sites that mimic the official shop.
These sites replicate the same storefront design, product pages, and promotional videos found on shop.olympics.com, making them nearly indistinguishable from the real site at first glance.
Examples include domains like 2026winterdeals[.]top, olympics-sale[.]shop, and winter0lympicsstore[.]top, where the attackers cleverly replace the letter “o” with a zero.
According to telemetry data, users from multiple countries including Italy, Ireland, China, and the U.S. have already visited these malicious domains, indicating a large-scale, globally coordinated campaign.
Over the past week, security researchers have detected nearly 20 scam domains impersonating the official Olympic merchandise store.
Cybersecurity firm Malwarebytes has started blocking these fake domains after confirming their fraudulent behavior.
Anatomy of a Scam
These cloned websites use a template-based storefront likely built with automated tools, allowing scammers to scale and deploy convincing fake shops rapidly. The main red flag lies in pricing.
While the genuine Tina plush is priced at €40 and currently sold out, fake stores advertise it at €20 or claim discounts of “up to 80% off.”
This “too good to be true” offer serves as bait. Once users proceed to checkout, their payment card data, names, addresses, and phone numbers are captured.
Victims may also receive follow-up phishing emails, or malware may be delivered via “order confirmation” or “tracking” links. In most cases, the victim loses both their personal information and their money without receiving any product.
The Olympics have long been fertile ground for online fraud. During the Beijing 2008 and Paris 2024 Games, waves of fake ticketing platforms and phishing domains were recorded.
Each major event sees a repeat pattern: threat actors exploit official branding, limited-time offers, and emotional triggers to lure global audiences.
What’s new in 2026 is the use of AI-driven phishing site generation, which allows scammers to automatically clone legitimate pages in multiple languages, reducing telltale signs like typos or missing images.
As a result, even tech-savvy consumers are finding it harder to distinguish authentic Olympic websites from counterfeits.
How to Stay Protected
Fans eager to buy official memorabilia or event items should remain vigilant:
- Always buy directly from shop.olympics.com, typing the URL manually instead of following links from emails or social media.
- Treat dramatic discounts and “back in stock” claims on unknown domains as red flags.
- Inspect domain names for suspicious endings like .top, .shop, or letter substitutions (e.g., “0” instead of “o”).
- Never enter payment data on unfamiliar websites. If something feels wrong exit immediately.
- Use browsing protection tools such as Malwarebytes Browser Guard or Scam Guard to automatically block or analyze suspicious sites.
With over 3 billion viewers expected for this year’s Winter Olympics, cybercriminals know that attention equals opportunity.
By staying alert and verifying every website before buying, fans can enjoy the Olympic spirit safely without falling victim to digital scams.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
