Domains spoofing the legitimate Olympics Web site, while fake mobile apps masquerading as transport, booking, or other planning apps are also certain to be leveraged by fraudsters during the event, cybersecurity firms say, which puts Indian users also at risk.
Millions will be flocking to Paris where Olympics will be held over the next 16 days, beginning Friday.
It will be the first in-person Summer Games since pandemic restrictions were lifted.
While the French capital will play host to over 10,000 athletes of various streams, there are fears that it could also turn into a hunting ground for cybersecurity threat actors.
Security experts are cautioning people against possible threats.
An analysis of nearly 25,000 free WiFi spots in Paris showed that almost 25 per cent of these networks had weak or no encryption.
It means that travellers using public WiFi at large events like this face significant cybersecurity risks, such as data theft and identity fraud, said a report by Kaspersky.
Additionally, 20 per cent were configured with WPS, an outdated and easily compromised algorithm, rendering them highly susceptible to WPS attacks that could result in data loss.
Only six per cent of the analysed networks used the latest WPA3 security protocol, said the note from Kaspersky.
Like the sportspeople training for the summer of sport in France, cybercriminals have also prepared an unsavoury welcome for the people heading for Paris hotels, fan zones and events.
They might set up fake access points or compromise legitimate networks to intercept and manipulate data transfers.
Open and misconfigured Wi-Fi networks are particularly attractive to criminals, as they enable the theft of passwords, credit card details, and other sensitive user data, said Amin Hasbini, Head of META research unit at Kaspersky's GReAT.
Apart from Wifi vulnerabilities, the sporting event has also attracted the eyes of phishing scammers.
A Cloudflare analysis points towards a rise in phishing and malicious e-mails related to the Paris Olympics.
From January 2024 up to late July, the firm processed over half a million e-mails containing Olympics or Paris 2024 in the subject, out of which 1.5 per cent were spam, and 0.2 per cent were malicious.
Further, there are possibilities of scams happening through a setup known as WiFi Honeypots, which are fake WiFi hotspots set up by attackers to lure unsuspecting users, say experts.
These often have enticing names like Free Public Wi-Fi, or mimic legitimate networks (eg, a coffee shop's Wi-Fi). Once you connect to a honeypot, attackers can easily monitor your traffic, steal your data, and even inject malware into your device, said Ranjeeth Bellary, Partner, EY India Forensic and Integrity Services Cyber Forensics.
A global security firm based in Palo Alto in a report last month projected that financial theft was likely to occur leading up to the Games, during the Olympics, and even persist for several weeks after the Games.
Business Email Compromise threat actors will likely use fear, uncertainty, and doubt of a missed payment to entice victims into paying a fake invoice after the Olympics have finished, the report says.
Further, domains spoofing the legitimate Olympics Web site, while fake mobile apps masquerading as transport, booking, or other planning apps are also certain to be leveraged by fraudsters during the event, cybersecurity firms say, which puts Indian users also at risk.
India is amongst the top 10 countries from where the traffic for the Paris Olympics Web site came in.
Cybersecurity experts say that Indian travellers going to the Olympics event are equally vulnerable to the threats.
Feature Presentation: Ashish Narsale/Rediff.com