Concertgoers and sports fans are increasingly being targeted by cybercriminals in a new wave of attacks on the online ticket resale market.
Security experts have reported a huge spike in ‘form-jacking’ incidents and other fraudulent techniques in the UAE to steal credit card information or dupe consumers into buying fake event tickets.
Cybercriminals use the technique to intercept banking information direct from an e-commerce site during an online purchase.
Security experts at Norton Symantec reported a staggering 381 per cent increase in such cases across the UAE in June.
Candid Wueest, a cyber threat researcher at the company, said online consumers desperate to buy tickets for sold out events were those most vulnerable to fraud, particularly for smaller events with weaker security measures.
“People are searching for tickets for sold out events online and see the secondary resale market as their only option of attending these big concerts,” he said.
Mr Wueest said cybercriminals employed several types of scams.
“One is where criminals will set up a bogus ticket reselling platform, which will be supported by social media promotion to boost its credibility.
“Operators will extract details like credit card and address, but will not deliver any tickets.
“The sites shut down, and criminals will often then set up under a new name.”
Cyber security firm Symantec said it prevents an average of about 1,000 attempts by online stores to steal a customer’s payment details every month in the UAE.
Attacks on online shoppers increased to 7,282 during June, up from 1,514 similar incidents in May.
It is not clear what led to the spike in criminality, although flight and hotel bookings ahead of the Eid getaway may have contributed to the increase, experts said.
According to the latest Symantec Internet Security Threat Report for this year, form-jackers compromised 4,818 unique websites every month in 2018.
The company blocked more than 3.7 million form-jacking attempts worldwide, with more than a million in the final two months of 2018 during the Christmas online shopping bonanza.
In January, Symantec recorded 990 fraudulent attempts in the UAE.
By February, that number had almost doubled to 1,754, and increased by close to a thousand incidents a month later.
A brief lull in detections occurred in April with just 638 incidents before a significant May increase.
The online secondary market, where tickets for high profile events can exchange hands for tens of thousands of dollars, is an emerging market for fraudsters, according to Mr Wueest, who lives in the UK.
“Cyber criminals are attacking ticketing websites because it works so we are seeing a lot of growth in this area,” he said.
“On auction sites like eBay, where people will be selling tickets but using fake accounts or hijacked accounts to pose as legitimate ticket sellers.
“They ask for money to be transferred via Western Union or PayPal and then disappear. In some cases, they will send out a ticket in return but it will be a counterfeit ticket.
“We’ve seen attacks on legitimate sites like Ticketmaster where criminals compromise the website with a small piece of code that captures credit card information and sends it off to the attackers.
“The person may receive the ticket, but the criminals will have your credit card details which are then sold off on the black market.”
In June, Symantec recorded more than 800,000 global attacks where consumers had their credit card information stolen during an online transaction.
Hotel sites, travel sites, events and food were all transactions compromised.
Tickets for larger events such as the 2019 Champions League Final in Madrid between Liverpool and Tottenham Hotspur are becoming harder to forge, thanks to hologram technology and other failsafes.
But smaller concerts and events where buyers can print their own tickets at home with a barcode are more open to fraudsters.
In March, Abu Dhabi event organisers warned concertgoers to look out for fake tickets sold online.
Flash Entertainment said dozens of people had presented fake tickets when trying to enter concerts in Abu Dhabi by the composer Yanni and tenor Andrea Bocelli.
Some had paid eight times the face value for counterfeit tickets.
“Consumers should research the website before they buy, and use a different web browser to check if it is legitimate,” said Mr Wueest.