Cybercriminals are targeting fans of the Milano Cortina 2026 Winter Olympics through an extensive network of fake online merchandise stores designed to steal payment information and personal data from unsuspecting shoppers.
The scam campaign capitalizes on overwhelming demand for official Olympic mascot merchandise, particularly Tina and Milo plush toys, which are currently sold out on the legitimate Olympics shop.
Nearly 20 fraudulent domains have emerged in just the past week alone, mimicking the official Olympic merchandise store with remarkable accuracy to deceive eager fans.
These fake shopping sites aren’t hastily assembled scam pages thrown together overnight.
The threat actors have created highly polished storefronts that replicate the official shop.olympics.com experience, complete with promotional videos, background music, and identical product layouts that mirror the authentic website.
The only difference lies in the domain names, which use variations like 2026winterdeals[.]top, olympics-sale[.]shop, and winter0lympicsstore[.]top where the letter ‘o’ is replaced with a zero. At first glance, most shoppers wouldn’t notice anything suspicious about these convincing replicas.
Malwarebytes researchers identified this global campaign after detecting telemetry data showing users accessing these malicious domains from multiple regions including Ireland, the Czech Republic, the United States, Italy, and China.
The security team noted that additional domain registrations continue to emerge actively, indicating the scammers are rapidly expanding their operation. Malwarebytes now blocks these domains as scams to protect users worldwide from falling victim to the growing threat.
.webp)
The fraudulent websites lure victims with deep discounts on items that are unavailable elsewhere.
While the official Tina plush toy costs €40 and remains completely out of stock, these fake shops advertise the exact same product for just €20 with banners claiming “UP & SAVE 80%.”
This aggressive pricing strategy serves as irresistible bait to attract unsuspecting Olympic fans who are desperate to purchase the popular merchandise for themselves or their children.
Scam Operation Tactics
The fake Olympic shops operate with multiple malicious objectives that extend far beyond simply taking payment without delivering products.
Threat actors actively harvest payment card details that victims enter during checkout, while simultaneously collecting names, addresses, email addresses, and phone numbers for use in future cyberattacks.
Many victims subsequently receive follow-up phishing emails carefully designed to extract additional sensitive information or login credentials.
Some scammers even distribute malware through fake order confirmations or malicious tracking links sent to victims after purchase, further compromising their devices and networks.
Security experts strongly recommend purchasing merchandise only from the official shop.olympics.com website by typing the address directly into browsers and bookmarking it for future use.
Shoppers should consistently avoid clicking links from advertisements, social media posts, or unsolicited emails. They should remain highly skeptical of extreme discounts being offered on items that are officially sold out everywhere else.
Customers must carefully inspect domain names for suspicious top-level extensions, extra hyphens, or subtle character substitutions before making purchases.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
