February 20, 2026 Bitdefender Labs says it is tracking an ongoing scam campaign on Meta platforms targeting users in the EU and U.S. with fraudulent “Olympics Shop” ads offering discounts of up to 80% on Milano Cortina 2026 merchandise. The ads closely mimic official Olympic promotions, using authentic branding, polished product imagery and multi-language marketing designed to appear legitimate at first glance.
Researchers say the danger begins after users click. The ads redirect shoppers to cloned versions of official merchandise stores built to harvest payment card data and personal information, including names, addresses, phone numbers and emails. In some cases, victims may also be prompted for login credentials, expanding the risk beyond financial fraud.
Bitdefender says victims may receive counterfeit products – or nothing at all — after completing purchases. The fraudulent sites often disappear shortly after transactions are processed, making refunds or chargebacks difficult and limiting opportunities for enforcement.
The infrastructure behind the campaign appears tightly coordinated. Investigators observed clusters of newly registered domains appearing within days of each other, often using retail-focused extensions such as .store or .shop. Many of the social media accounts running the ads were created around the same time as the domains, suggesting a rapid deployment model that allows attackers to rotate assets as older ones are removed.
The campaign highlights how large global events can amplify fraud risk. Major sporting moments typically drive spikes in online merchandise demand, creating fertile ground for scammers who blend into legitimate advertising streams using paid placements and lookalike storefronts.
According to Bitdefender, the cloned sites are often nearly indistinguishable from official stores, copying layouts, branding elements and product collections. One telltale difference, researchers noted, is unusually steep discounts compared with legitimate promotions.
Security experts are urging consumers to scrutinize domain names, avoid deals that appear unusually generous and rely on security tools to analyze suspicious links before entering sensitive data. The firm warns that the speed at which new domains and ad pages are deployed means campaigns like this can persist even as individual assets are taken down.
