Cyabra’s analysis uncovered fake accounts impersonating Ticketmaster Customer Service pages on Facebook, and luring unsuspecting potential customers into sophisticated phishing attacks.
Sports fans, concert lovers, and theater enthusiasts all regularly use Ticketmaster. Founded all the way back in 1976, Ticketmaster is considered the world’s largest ticket marketplace. Originally a US-based company, Ticketmaster has spread in recent years to UK, Canada, France, Australia, and over 20 other countries across the globe.
The fact that Ticketmaster has numerous offices and service providers around the world, and that their business is selling tickets online both combine to create fertile soil for scammers to take root.
One-Way Ticket to Scam-Land
Cyabra’s analysis uncovered a community of fake accounts posing as Ticketmaster. While scammers have been part of social media for almost as long as social media existed, malicious actors impersonating major brands and companies just grow in numbers and in sophistication. The sizes of those international companies make it easier for those bad actors to slip under the radar and be treated as a negligible phenomenon.
But over time, online impersonation reports and scams stack up, chipping away even at the reputation of a huge, reliable brand like Ticketmaster.
Cyabra identified 9 Facebook accounts impersonating Ticketmaster’s customer service. Eight of those nine profiles were created around the same time, during September and October 2022. Some of them started posting content only months later.
Most of those fake accounts used the same images and shared similar content, which implies they were all created by the same scammer or scammer community.
When we think about fake profiles, most of us are concerned about bots – million of accounts created with one click and operated automatically. But in this case, the fake profiles Cyabra uncovered are, in all probability, sock puppets: accounts operated manually by real people, hiding behind a fake identity to cause harm.
Sock puppets might require quite a lot of manual labor, but they give their operators much more control than bots do. The fake content Cyabra has uncovered was clearly designed using sophisticated techniques, that were conducted by real human beings with criminal intent, who ended up wreak quite a lot of havoc on Ticketmaster’s brand reputation.
The Scam, the Spam, and the Sham
The malicious accounts impersonating Ticketmaster customer support showed a clever use of scam tactics: their posts were copied from real Tickermaster profiles – either the international Ticketmaster or the UK one – and while some of those posts included links to phishing sites, others included links to real Ticketmaster sites, probably in an effort to raise their credibility in the eyes of casual viewers.
Another method used by the same bad actors to raise their trustworthiness was making it look like they were receiving much more engagement than they really were. They were doing so by using images of posts from the official Ticketmaster profiles, with a carefully cut screenshot that included the original posts’ engagement. While this screenshot only looked real when not studied carefully, most of us don’t really study posts carefully while scrolling through our feed.
Some of the fake profiles impersonating Ticketmaster that Cyabra identified were still active while this story was being written.
Can You Identify Malicious Actors Impersonating Your Company?
Even if you’re a threat intel or cyber security expert, identifying fake profiles and fake content on social media requires a completely new skill set. Not only that: your fans and followers on social media are now expecting a company or brand to be the first to know of any impersonations or fake profiles using their names, and alerting the same fans and followers, warning them to watch out for scams. Don’t wait for customers’ disappointment to turn into resentment and consumer rage. Cyabra provides accurate, cross-platform, multi-language, real-time social threat intelligence. Contact us to set up a demo, with promised results from the first call.
