As the Milano Cortina 2026 Winter Olympics approach, cybercriminals are already targeting the Games, with a specific focus on mobile devices. Organizers anticipate an unprecedented level of digital engagement, as billions of fans will be splitting their attention across various platforms, including broadcasts, apps, social media, and streaming services. This trend mirrors what was observed during the Paris 2024 Games, where around five billion people engaged with the event, with 70% using both television and digital platforms. The surge in streaming traffic and app interactions during Paris highlights the growing dominance of mobile devices in live sports consumption.
Major events like the Olympics typically concentrate money, identity, and attention in one spot, making them attractive targets for cybercriminals. European authorities are on heightened alert this week, reporting attempted intrusions on Olympic-related targets, particularly emphasizing the vulnerability of ticketing and streaming systems. U.S. officials involved in security efforts have also identified cyber threats as a significant risk, with scenarios ranging from disruptions in payment and ticketing systems to targeting travelers. Historical data supports these concerns, as previous Olympic Games have seen significant incidents of themed phishing attacks, fake apps, and distributed denial-of-service (DDoS) activities, a trend that threat analysts expect to continue during Milano Cortina.
Why Mobile Devices Are the New Target in the Olympics Era
In 2026, most threats that fans and employees will face are unlikely to breach corporate firewalls. Instead, they will manifest as malicious links, counterfeit ticketing pages, fraudulent streams, and imitation mobile applications, often delivered via SMS, messaging apps, social media advertisements, and search results. During the Paris 2024 Games, law enforcement and researchers noted a dramatic increase in fake ticket websites, with French authorities identifying 338 fraudulent domains in circulation. Police in the UK and Scotland have repeatedly warned of rising ticket fraud during major events, highlighting a common pattern that emerges whenever demand spikes.
Attackers are also increasingly using QR-code phishing, or "quishing," as QR codes can bypass certain email filters and entice users to credential-harvesting websites from their personal devices, which often lack robust security controls. The UK’s National Cyber Security Centre has raised alarms about the rising trend of QR-based phishing attacks, which succeed because they often lure victims away from corporate devices. The Cybersecurity and Infrastructure Security Agency (CISA) has similarly cautioned about mobile spyware and social engineering tactics delivered through consumer messaging apps, which again bypass traditional email security measures.
This issue is not limited to consumers; employees will be using the same devices to access corporate emails, collaboration tools, and sensitive data. Global threat data indicates that phishing remains the leading initial access vector, with the European Union Agency for Cybersecurity (ENISA) attributing approximately 60% of intrusions to phishing attacks, often enhanced by the rapid evolution of social engineering techniques, sometimes assisted by artificial intelligence. The FBI's 2024 Internet Crime Complaint Center (IC3) report confirms this trend, showing that phishing and spoofing were the most reported crime types in a year that saw $16.6 billion in reported cyber losses, marking a 33% increase from the previous year.
What’s Different at Milano Cortina 2026
-
Mobile-led engagement: The streaming model established during Paris 2024 will be further extended. Industry data indicates that smartphones are now the primary devices driving growth in sports streaming and app-based consumption.
- Broader attack surface around fans: The prevalence of fake ticketing, imitation sites, and illicit streams offers cybercriminals proven methods to exploit increased search advertisements and social media visibility. Proofpoint's documentation shows that sponsored fake ticket ads ranked just below official results during 2024, highlighting the ease with which users can be directed to fraudulent pages.
- Geo-political noise increases background risk: Reports from European cyber agencies and media outlets indicate that hacktivist and state-linked operations are probing Olympic-related targets, aiming to disrupt streaming and ticketing services or promote disinformation for visibility.
Device-Level Defense: What Enterprises Should Do Now
To combat these threats, organizations must prioritize real-time detection and blocking of threats on mobile devices. As Olympic-themed lures proliferate through SMS, over-the-top messaging, and mobile browsers, reliance on business email gateways or network perimeters is insufficient. Implementing on-device phishing detection that analyzes links at the point of interaction and inspects pages in real time regardless of VPN is crucial for identifying mobile-specific threats such as deep links and quishing.
Harden Devices Against Malicious and Fake Apps
During Olympic seasons, there is often a surge in look-alike applications claiming to provide schedules or streams. Organizations should enforce mobile application vetting, restrict sideloading where possible, and monitor for risky permissions and repackaged apps. Previous incidents have seen trojanized apps distributed through seemingly legitimate channels during past Games. This risk is particularly acute for enterprises, as employees may install these apps on the same devices used for accessing corporate emails, VPNs, and business applications, inadvertently creating potential attack paths.
Close the QR Gap
Organizations should enhance awareness and controls surrounding QR-based lures. Users must be warned that unsolicited QR codes received via email, SMS, or displayed on posters are high-risk. Mobile browsers should be configured to preview target URLs, and policy-based blocking should be considered for newly registered or suspicious domains accessed through QR scans.
Focus on Identity, Not Just Malware
Olympic-themed attacks frequently aim at stealing credentials and session tokens through phishing and social engineering rather than technical exploits. Organizations should combine mobile threat detection with phishing-resistant multi-factor authentication (MFA) and implement continuous, risk-based access controls. The risk increases when employees authenticate to corporate applications and software-as-a-service (SaaS) platforms from unfamiliar networks and devices during the Games, widening the scope for potential identity compromises. FBI IC3 reporting underscores the scale and financial impact of fraud driven by social engineering globally.
Prepare Your Response for Fan-Driven Fraud
Anticipate spikes in reports related to ticketing, streaming, and betting scams during competition periods. Organizations should have playbooks ready to quarantine compromised mobile accounts, revoke tokens, and guide users towards official channels. Law enforcement warnings about ticket fraud can provide concrete patterns and useful educational opportunities for users.
The Olympics have always been a global spectacle, and now they are set to reach an even broader audience through mobile platforms. Employees will be scanning, tapping, and streaming from the same devices they use for work, outside traditional email gateways and network sensors. For the Milano Cortina 2026 Games, the device itself is the new perimeter. By effectively identifying and mitigating threats on mobile devices including links, apps, and QR lures organizations can significantly reduce risks for both users and the organization while the world watches.
