Social Media Accounts Hacked for Concert Ticket Scams, Exploiting Trust Networks
London, UK – A surge in concert ticket scams is leveraging compromised social media accounts, particularly on platforms like Facebook adn Instagram, to trick unsuspecting fans. Scammers are reportedly hacking into personal accounts, then using them to post fake ticket listings, preying on the trust users have in their friends and acquaintances.
Cybersecurity experts highlight that this tactic is particularly effective because it bypasses the natural skepticism people might have towards unknown sellers.When a ticket offer appears on the account of a friend or a friend of a friend, it creates a false sense of security. “It’s not an Oasis Facebook group which is entirely random – buying tickets there would be a complete gamble. Instead, they’re buying from people they know, or friends of friends – they’re verified. It’s doing exactly what we tell people to do,” explains Jake Moore, a cybersecurity expert at ESET.
The sophistication of these scams is increasing, with AI perhaps being used to craft messages that mimic the victim’s usual communication style, including their sign-offs and even common grammatical errors or emojis. This allows scammers to maintain the illusion of authenticity, even if they are not native English speakers or are concerned about their writing.
While it might seem logical that scammers would target accounts of known music enthusiasts, experts suggest the approach is often less targeted and more of a “numbers game.” Accounts that haven’t been used in years are being compromised, indicating that criminals are attempting to gain access to as many accounts as possible.
the methods used to compromise these accounts vary. Phishing attacks,where users are tricked into revealing their login details,and the use of insecure public Wi-fi networks are common entry points. A prevalent method is “credentials stuffing,” where criminals use login facts stolen from one data breach to attempt access to other online accounts, especially if users reuse passwords across multiple platforms.
In-app attacks are also a concern, where fraudulent messages mimic legitimate system alerts, prompting users to re-enter their login details to regain access to their accounts.
To combat these threats, cybersecurity professionals strongly advise users to enable two-factor authentication (2FA) or two-step verification on their social media accounts. This additional security layer makes it substantially harder for unauthorized individuals to gain access, forcing them to move on to less protected targets.
