The Twelve Frauds of Christmas – Ticket Fraud

Maria Harika

Who doesn’t love a good sporting or concert event? You go online to purchase tickets, but things do not go as planned and rather than watching your favorite team score some goals, a cybercriminal scores them instead.

Now, consumers can buy an event ticket via phone through social media, event websites, second hand websites, or digital box offices. Although convenient, this also makes people more vulnerable to scams.

Ticket fraud occurs when fraudsters use tickets to sporting events, plays, or concerts as bait to steal your money. These criminals include individuals or fake resale companies that take advantage of ticket shortages and desperate fans. This type of fraud can take various forms including creating spurious ticket retail company websites, pricing a ticket higher than its face value, producing counterfeit tickets with fake barcodes and logos of legitimate ticket companies, selling a legitimate tickets to more than one buyer, or flat out pretending to sell a ticket in order to steal credit card information.

In addition to bogus websites, social media platforms, such as Facebook and Twitter, are also a common source of ticket fraud because the target audience is highly active on those platforms and tend to post their tickets online allowing fraudsters to steal and resell the ticket’s information. 

Twitter users have exposed other Twitter accounts that have been trying to scam individuals using concert tickets, as seen below. 

Twitter Users Warning Others of Ticket Scams

It doesn’t just stop at social media, fraudsters will also use smishing tactics by sending text messages advertising tickets, as well as emails. The criminals are on the lookout for any new events. They monitor platforms for any discussion between individuals asking where to buy tickets, and focus in on the target. Fraudsters might even create and advertise fake events that promise live music, great food, and other fun activities on a professional website just to scam individuals. 

Facebook groups, like the ones listed below, provide an online space for users to express interest in purchasing concert tickets or in selling concert tickets. This is a perfect place for criminals to scope out what individuals are publicizing interest and target scam offers at them.

Along with concert tickets, scams targeting sporting events are also quite prevalent. These cybercriminals are also found using social media sites, using fake photos of tickets and even creating a narrative about why they cannot attend the event to sell their story. The cybercriminal then demands a payment by bank transfer and then disappears.

A recent example of sporting event ticket fraud occurred during the 2022 FIFA World Cup. The biggest soccer event in the world is the perfect time for cybercriminals to take their shot. 

As pictured below, twitter user “@gmsectec” exposes a phishing email that was offering a fake free ticket to the Qatar World Cup. The image in the email includes a “Click Here” button that, if clicked, will most likely download malicious content on your device.

Fraudsters Promoting Fake World Cup Ticket Sweepstakes

Additionally, various fraudulent websites were created that try to pose as legitimate Qatar World Cup websites. In the example below, this fraudulent website has not only tried to mimic the real website’s URL but also provided a place for individuals to buy tickets which prompt them to also fill out personal data. While individuals believe they are buying legitimate World Cup tickets, they are instead being scammed and their personal data is stolen.

Reddit threads have also revealed messages between a cybercriminal and an individual attempting to buy Qatar World Cup tickets. The cybercriminal is offering fake printed tickets, however the Qatar World Cup only has digital tickets.

Fake Ticket Giveaways on Reddit

Individuals that have taken the bait and fallen for these scams have given the threat actor an opportunity to not only take the money they thought they paid for, but also steal bank information causing detrimental effects.

It is essential to stay safe and aware of what links you click on and the vendors you might be buying tickets from. Make sure to avoid online marketplaces, think twice about who you trust making a deal with online, and what websites you are attempting to buy a ticket from. 

So if you decide to buy or gift a loved one a ticket to an event, make sure you end up watching your favorite team score those goals and not the cybercriminal!