bitdefender.com
Alina BÎZGĂ
February 17, 2026
Bitdefender Labs is tracking an ongoing scam campaign on Meta platforms targeting people in the EU and the US, using fraudulent “Olympics Shop” advertisements that offer discounts of up to 80% on Milano Cortina 2026 merchandise.
Bitdefender Labs is tracking an ongoing scam campaign on Meta platforms targeting people in the EU and the US, using fraudulent “Olympics Shop” advertisements that offer discounts of up to 80% on Milano Cortina 2026 merchandise.
Users who click on these ads and interact with the fraudulent websites expose themselves to several risks. Many similar scam operations are designed to steal payment card information at checkout, harvest personal details such as names, addresses, phone numbers, and email accounts, and in some cases collect login credentials.
Victims may also receive counterfeit merchandise — or nothing at all — after completing a purchase. In many instances, the sites disappear shortly after processing payments, leaving buyers with no way to recover their money.
At a glance, the ads look legitimate.
They feature official Olympic imagery, professional product photos, and convincing promotional messages such as:
“Olympics Exclusive! Up to 80% OFF.
30 Days No Excuse Free Return.
🛒Get Yours Before Out of Stock!”
“Olympics Esclusivo! Sconti fino all'80%.”
“Reso gratuito entro 30 giorni, senza domande.”
“Acquistalo prima che finisca!”
But the danger begins after the click.
Near-Perfect Clones of the Official Olympics Shop
The fraudulent websites are not crude copies – they are near-perfect replicas of the official Olympics merchandise store.
Bitdefender Labs observed that the scam sites use:
The same product photos
Identical color schemes
The same merchandise collections
Official branding elements
Similar layout structure
At a glance, most users would struggle to tell the difference.
The deception lies in the small details.
For example:
The legitimate store promotes “Sign up & Save 15%.”
The scam websites advertise “Sign & Save 80%.”
Official Olympics Shop
Fake Olympics Shop
That small wording change reflects the core tactic: inflate discounts to trigger a sense of urgency and bypass skepticism.
Font rendering may be slightly different. Minor layout inconsistencies appear in certain sections. Domain names look similar but are newly registered and unrelated to the official organization.
These subtle discrepancies are easy to miss when a user is focused on a limited-time deal.
Coordinated Scam Infrastructure
This campaign shows clear signs of coordination, and as Labs researcher Andreea Olariu points out, most of the fraudulent domains were registered within days of each other:
www.olympics2026[.]store – created Feb 3
Olympicseu[.]shop – created Feb 9
olympics-sale[.]top – created Feb 9
olympics-hot[.]top – created Feb 9
www.olympics-top[.]shop –created Feb 10
Olympicssportswear[.]shop – created Feb 10
Olympexapparel[.]shop – created Feb 10
Lifestylecollection[.]shop – created Feb 10
www.2026olympics[.]store – created Feb 11
Following the initial detection of the scam advertisements, Olariu observed ongoing domain registrations consistent with the same impersonation strategy. The daily appearance of new lookalike domains indicates an adaptive infrastructure designed to evade detection and extend the campaign’s lifespan.
Most recent domains include:
Olymponline[.]top – created Feb 11
Postolympicsale[.]com created Feb 11
sale-olympics[.]top - created Feb 11
olympics-save[.]top - created Feb 11
olympicssportswears[.]shop - created Feb 11
olympicsfashionhub.[]shop - created Feb 12
All these domains are flagged as fraudulent by Bitdefender security systems.
In some instances, ads appear to display the official shop preview but silently redirect users to www.olympics2026[.]store for example.
Newly Created Facebook Pages Running the Ads
Another strong indicator of fraud: the Facebook pages promoting these ads are newly created.
Bitdefender Labs observed that several of these pages were set up on the same day the scam domains were registered. This suggests a rapid deployment model:
Register domain
Clone official website
Create Facebook page
Launch ad campaign
Begin collecting payments
All within a short time window.
Legitimate global brands rarely create brand-new pages and immediately launch aggressive 80% discount campaigns tied to major international events.
The sophistication of the cloning significantly increases the risk. When scam sites mirror official branding almost perfectly, users default to visual familiarity instead of domain verification.
That’s exactly what attackers are counting on.
The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.
Investor beware: online promises of quick profits are not always as legitimate as they look. Swiss public broadcaster, SRF, looked into a Cyprus-based network of scam websites.
Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man."
#Ads #US #department-of-defense #information-gathering #longreads #secrecy-and-surveillance #spies #wired
On 29 December 2022, the CNIL's restricted committee imposed an administrative fine of 8 million euros on the company APPLE DISTRIBUTION INTERNATIONAL because it did not collect the consent of iPhone's French users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals.
Fake sites for popular software have occasionally been used by cyber criminal groups to push malware. Campaigns pushing IcedID malware (also known as Bokbot) also use this method as a distribution technique (we also commonly see IcedID sent through email).
Scammers go mainstream by hijacking top Google searches and replacing them with malicious ads.
Google will no longer allow Russian state media outlets to run ads, following a similar decision on Saturday by the tech giant's video subsidiary, YouTube.
