Two-thirds of the official Paris Olympic Games partners do not have sufficient measures in place to protect the public from email fraud, cybersecurity experts have warned.
Most local authorities that will host the games, ticketing platforms, and travel booking websites are not proactively blocking fraudulent emails from reaching customers either, a study by the cybersecurity firm Proofpoint revealed.
The firm’s experts have looked into the security practices of 77 official partners listed on the Paris 2024 website, in addition to 20 municipalities hosting the Olympic events, 10 ticket resale platforms, and 10 travel platforms.
Proofpoint used the adoption levels of Domain-based Message Authentication, Reporting, and Conformance (DMARC) as a benchmark to establish the state of each platform’s defences against impersonation risk.
DMARC is an email authentication protocol designed to protect domain names from misuse by cybercriminals and is considered to be a fundamental email protection measure.
Of the 77 official Olympic Games partners, 66 have adopted basic protections, but only 26 actively protect their domain name with the highest DMARC registration. That means the rest, which account for two-thirds, or 66%, of the official partners, expose the public to email fraud risk, Proofpoint said.
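A benchmark of this kind can be reproduced from the DMARC TXT record each domain publishes at `_dmarc.<domain>`. The sketch below is an added example, not Proofpoint's tooling or code from the study. It assumes that "basic protections" means any valid DMARC record and that the highest level means the `p=reject` policy; the domains and records are constructed.

```python
# Constructed sample: invented domains with the TXT value found at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "partner-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@partner-a.example",
    "partner-b.example": "v=DMARC1; p=quarantine; pct=50",
    "partner-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@partner-c.example",
    "partner-d.example": "v=spf1 -all",  # SPF record only, not DMARC
    "partner-e.example": None,           # nothing published
    "partner-f.example": "v=DMARC1; P=Reject ; sp=none",
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    if not txt:
        return None
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    # RFC 7489: the first tag must be the version, with the exact value DMARC1.
    if not parts or not parts[0].lower().startswith("v") or tags.get("v") != "DMARC1":
        return None
    return tags

def classify(txt):
    """Map a TXT value to 'no-dmarc', 'invalid', 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-dmarc"
    policy = tags.get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else "invalid"

def exposed_pct(total, blocking):
    """Share of domains (rounded %) that do not instruct receivers to reject."""
    return round(100 * (total - blocking) / total)

def summarize(records):
    levels = {domain: classify(txt) for domain, txt in records.items()}
    # Assumption: any valid policy counts as adopted, only p=reject as blocking.
    adopted = sum(lvl in ("none", "quarantine", "reject") for lvl in levels.values())
    blocking = sum(lvl == "reject" for lvl in levels.values())
    return {"levels": levels, "adopted": adopted, "blocking": blocking,
            "exposed_pct": exposed_pct(len(levels), blocking)}

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
    print(exposed_pct(77, 26))  # the article's partner figures
```

A domain at `p=none` only collects reports, and one at `p=quarantine` asks receivers to treat failing mail as suspicious, so under the stated assumption neither counts as proactively blocking.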
The study did not name the companies whose protections it found lacking, but the list of Paris 2024 official partners includes major conglomerates like LVMH, Samsung, Alibaba, and Deloitte.
The analysis also showed that most local authorities hosting the games (70%), the top online ticketing platforms (90%) and travel websites (40%) were not proactively blocking fraudulent emails that could reach the public.
“It is worrying to see that a majority of players in the Olympic Games ecosystem are still lagging behind when it comes to protecting their emails, a few months before the start of the Opening Ceremony,” Proofpoint’s Loïc Guézo said.
“DMARC is a simple-to-implement and highly-effective measure against domain name spoofing that underpins email fraud. The fact that many organizations still do not have it in place raises fears of the advent of a cyber threat of unprecedented proportions,” Guézo warned.
To put that into context, 450 million cyberattacks were recorded during the Tokyo Games and that number is expected to be several times higher during the Paris Olympics.
Proofpoint said that Olympics fans should be “extremely vigilant” and keep in mind the following recommendations:
- Be wary of unsolicited emails, texts, or calls, especially if they suggest you take “urgent” action or ask for payment.
- Never give out financial information or passwords via email or text message. Always call your bank directly if a request seems suspicious.
- It's important to create a unique password for each online account you use. Use three random words to create a strong and memorable password and enable multi-factor authentication (MFA) when possible.
Fans should also be aware that tickets for the games can only be purchased through the official Olympics website. It is fully DMARC compliant and proactively blocks fraudulent emails from reaching the public, according to Proofpoint.