Watch out for Counterfeit Concert Tickets or Fake Hotel Vouchers

Double or, better yet, triple check the authenticity of the ticketing sites that throw at you dazzling offers

Around occasions such as concerts, sports events and holiday booking time, cyber crooks hope that folks would fall for tricks and scams no matter how old they are. Unfortunately, they have been proved right in too many instances.

It all begins with people searching for tickets or vacation bargains on the Internet. They unwarily stumble upon a fake ticketing website or a copy of a legitimate site; see the offer, find the event or the holiday venue they are interested in and decide to make the purchase without further investigating the legitimacy of the sites. Unfortunately once they pay, they will never see neither the tickets nor their money again. They are left instead with a bunch of bogus promises: to receive the ticket in a week’s time or to meet someone at the venue precisely the day of the event. But, this is just a false assurance that will only give the crooks more time to flee the scene.

When planning the perfect vacation, the scenario is as follows: offers of dreamy sceneries start pouring into the people’s inbox. The spam messages are sprinkled with a few pictures of deserted isles, appealing prices for some popular vacation destinations and thus the malicious set is complete.Based on the reports I received from the BitDefender anti-spam labs, the top ranking baits used this year by crooks in their spam messages are “Plan a vacation in sunny Virginia Beach”, “69 euro x settimana in Turchia, Spagna, Sardegna, Sicilia!”



Fig 1. Spam massages advertising unbeatable vacation offers

And then there’s the spam bunch related to ticket confirmation: “Confirm your ticket” or “Order payment verification”.



Fig. 2 Fake ticket confirmation e-mail


And it is not too difficult to fall for such a claim; if the user has just placed, say, an order for a couple of tickets for a particular hotel on a deserted isle, these e-mails will not appear suspicious. Plus, the user will most likely be inclined to access whatever link or attachment added to the message body (of the spam e-mail).  Some of the links lead to compromised sites, where the user gets exposed to worms or Trojans; moreover, should the user fill in a form with critical information regarding the credit card, he or she enables thus the crooks easy access to all the money in the account.

In this case, even if the computer is protected by a very good antivirus solution, the human factor plays a decisive role. Social engineering may help the cyber crook establish a direct connection to the user and trick the later into willingly give away critical data or money. That is why people need to take a few simple safety measure while buying tickets for converts, sports events and vacations:

·         Make sure you know the site from before a particular event

·         Look at other people have to say about a certain ticketing website

·         Try and get into contact with a representative of the company who can provide you with as many details about the seat or the vacation venue as possible

·         Find who the website is registered at Companies House at www.companieshouse.gov.ukand always look for sites that are vouched for by the government

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.