How Scammers Prey on Big-Ticket Events
Last updated: June 18, 2018
A huge rise in ticket fraud has put music and sports fans at high risk. With global events commanding top dollar — the 2018 Winter Olympics and 2018 FIFA World Cup are good recent examples — the cybersecurity risks associated with big-ticket events are regularly in the spotlight. These tried-and-true scams not only put end users at risk of falling prey to phishing attacks and other breaches, they pose a potential threat to organizations at large if employees visit event-related sites from devices that have access to sensitive company information.
You don't have to look much further than the headlines to find examples:
- Researchers at Kaspersky Lab uncovered a phishing attack that capitalizes on fans of the 2018 FIFA World Cup who are in need of tickets. Coverage of the attack from Tech Radar urges anyone interested in buying tickets to do so only from the official FIFA website.
- International pop star Ed Sheeran's Australian spring tour sold over 1 million tickets across the country, but left many fans high and dry after reports of fake tickets being sold through unauthorized resellers.
- As the practice of selling counterfeit tickets continues to rise, a recent article from the BBB highlights tips on how to avoid ticket-buying scams.
- The 2018 Superbowl sold out in minutes, but that didn't stop scammers from taking advantage of hopeful fans.
- The musical with the most successful first year in Broadway history, Hamilton, left many ticket buyers high and dry due to impossible demand. USA Today recently covered some of the latest victims and what resellers are doing to combat common ticketing scams and errors.
“Cyber-criminals often use big events to lure users with phishing emails and fake websites, exposing fans to intensified and new potential cyber risks. Users should be aware of potential threats and lookout when clicking on links, entering their credentials on websites or making financial transactions,” noted Alexander Karpitsky, Kaspersky’s Head of Technology Licensing, in the Allot Mobile Trends Report.
Online Shopping Tips: How to Stay Safe
We’ve compiled a list of tips shoppers should keep in mind when they purchase an event ticket or related merchandise online:
1. Check the Website's Whois Data
If a site has been up for only a short time (usually a year or less), and is in the name of an individual, this is usually a good indicator that it isn’t legitimate. SSL certificates are sold in an underground market, making them easy to acquire. These certificates give fake websites the façade of legitimacy due to the ‘https’ web address. To avoid being taken advantage of, only buy tickets from well-known, authorized resellers. Large-scale events, such as the 2018 Winter Olympics, usually have a guide.
2. Examine the Website's Social Properties
Take a look at the social accounts for the ticketing websites you visit. A website might get taken down, but its Facebook page can still be live. This is a bad sign. How many negative reviews or comments does the website have on social media? If there are a lot of complaints about customers never receiving tickets or wanting their money back from a website, chances are it’s a fake.
3. Watch Out for Obvious Grammar Mistakes
Many fake websites are written in very poor English, which should raise a red flag to consumers.
4. Never Pay Via Wire Transfer or Bitcoin
If a site asks for payment in wire transfers or online currency, be wary. Bitcoin is an unregulated digital currency that is untraceable, and wire transfers are almost impossible to trace, leaving victims in the dust once scammers get their hands on the money.
5. Use a Separate Credit Card for Online Purchases
When making purchases online, use a separate credit card with a lower limit in case your card information is stolen. It is easier to dispute charges with your credit card company than it is to get money back that was stolen from an account.
If your end users are permitted to access ecommerce sites on devices that also connect to corporate systems and/or data, they must be made aware that their behaviors in these situations are critical to the security of your organization. Proactive education is key to minimizing risk. Our unique approach to security awareness training helps improve knowledge retention and drive lasting behavior change. Explore our portfolio of 18 interactive modules, including URL Training and Mobile Device Security, which you can use to improve your organization’s cybersecurity posture.
Subscribe to the Proofpoint Blog