Desperate for Taylor Swift tickets? Here are cybersecurity tips to stay safe from scams

Desperate for Taylor Swift tickets? Here are cybersecurity tips to stay safe from scams

The global superstar Taylor Swift is bringing her Eras tour to Australia later this month, with sold-out shows in Sydney and Melbourne. With Swifties numbering in the thousands, fans who didn’t initially secure tickets are understandably desperate to find some.

Enter the many fraudsters seizing this opportunity. Sadly, the Australian Competition and Consumer Commission (ACCC) has reported over A$135,000 already lost to ticket fraud for the Swift concerts. The actual losses are likely to be much higher.

Hackers are also targeting the accounts of ticket holders in order to steal and resell legitimate tickets.

So how can you protect yourself if you are looking to buy or sell Eras tickets, or just want to keep your Ticketek account safe?

The problem is ticket fraud

In recent years, there has been a shift to electronic ticketing for events. This uses a unique barcode (or QR code) which can be dynamic. In the case of Ticketek, electronic tickets are linked to the purchaser’s phone number to reduce fraud.

Electronic ticketing aims to overcome a range of problems, such as counterfeit tickets, duplicate tickets and ticket scalping. Unsurprisingly, scammers have updated their techniques, too.

When purchasing tickets, it can be difficult to know if it is an authentic website, a genuine ticket and a legitimate transaction.

For example, scammers are selling non-existent tickets across a range of social media platforms. They are also creating fake, legitimate-looking websites that lure in unsuspecting victims to hand over their personal details and money in return for heartache.

Many fraudsters are also tricking people with ticket sales on Facebook. Excited fans send the requested payment (usually a cash transfer), but will not receive their promised tickets and are not likely to recover the money.

See also  Banks can't fight online credit card fraud alone, and neither can you

Facebook has many groups where Taylor Swift fans are on the lookout for tickets, making them vulnerable to scammers.
Facebook

Hacked accounts

The prevalence of hacking drives a lot of the ticket fraud. This is particularly evident through the only official reseller of Eras tickets (and many other events) – Ticketek Marketplace.

Some people have had their Ticketek accounts hacked, and offenders have been able to make transactions without the owner’s consent. By the time they realise, it is too late – the owner may have lost their tickets with nothing in return.

There are also many reports of victims whose known contacts (family or friends) message them on social media offering the chance to buy tickets. This approach reduces red flags or suspicions, as it uses existing trust and relationships to get a payment.

However, victims soon find their family member or friend has had their account hacked. Again, there is no ticket and no chance of recovering funds.

Hacking genuine accounts to perpetrate fraud is common. Recently, hackers gained unauthorised access to hotel provider accounts on the popular accommodation website Booking.com. They then communicated with guests to gain direct payments and financial details.

If I’d only played it safe

There are no foolproof guarantees when trying to buy resold tickets. But you can look out for warning signs and take steps to reduce the risk of fraud or being hacked.

Only buy tickets through the authorised seller website. In the case of Swift, that’s Ticketek Marketplace. While customers are reporting long wait times and less than satisfactory user experiences right now, it is still the most likely place to have genuine tickets.

See also  Is your child’s photo on their school Facebook page? What does this mean for their privacy?

Do not, under any circumstances, buy tickets on social media such as Facebook. This includes from known contacts. There is no guarantee that the ticket exists or the person is genuine. There is also no recourse for lost payment.

Never provide or confirm your payment details outside of Ticketek. Do not transfer any cash via a bank transfer to a seller. There are no seller fees on Ticketek Marketplace, and no reason to pay outside of the regulated system.

Ensure you have strong passwords on all your accounts. Do not use the same password on several accounts. This is vitally important to protect yourself against many types of harm, not just ticket fraud.

Enable two-factor authentication on any accounts you can. This provides an additional layer of protection should your password be compromised.


Read more:
What is multi-factor authentication, and how should I be using it?

Use a credit card where possible rather than debit card or cash transfers. You may be able to dispute a transaction or charge if you have used your credit card and may be able to recover any lost funds.

Take screenshots of any communications and transactions when purchasing tickets online. While this will not prevent fraud, it does make it easier to report an incident or figure out what happened.

Always confirm in person or over the phone with any known contacts who have messaged an offer or requested funds. With the prevalence of hacking into accounts, you may not be communicating with the person you think you are.

No one teaches you what to do

If you think you have been a victim of ticket fraud, contact your bank or financial institution immediately. The quicker you can do this, the better.

See also  Six big digital trends to watch in 2022

You should also contact the platform through which you made the transaction (such as Ticketek Marketplace).

You can report any financial losses to ReportCyber, which is an online police reporting portal for cyber incidents, as well as Scamwatch, to assist with education and awareness activities.

If you need support or assistance for any compromise of your identity, contact iDcare.

The Conversation

Cassandra Cross has previously received funding from the Australian Institute of Criminology and the Cybersecurity Cooperative Research Centre.