The frenzy to land a seat at one of Taylor Swift’s Vancouver concerts has been at a fever pitch all year. Now that the shows are coming soon (Dec. 6-8), Ticketmaster has responded to the ever-evolving trickery of scammers by only allowing ticket resales in a three-day window leading up to the concert dates.
What does that mean for those looking to buy or sell tickets in the resale market? What kinds of scams are out there and how can they be avoided?
We asked Jane Arnett, a cybersecurity expert at Check Point, how to avoid fraudsters lurking behind countless social-media accounts and fake websites.
Answers have been edited for length, and we’ve also shared perspective from Ticketmaster itself.
Q: Scams are proliferating for Swift’s concerts in Canada. What should potential buyers and sellers watch for to avoid them?
A: Scammers can fall into several categories. Some attempt to deceive buyers into paying money for tickets that will never be delivered, while others seek personal information to gain access to a larger jackpot.
Another category is those trying to obtain tickets already purchased, either by impersonating a legitimate person to send tickets to or by gaining access to an account and transferring them without permission.
Q: Does Ticketmaster’s recent data breach play a part? What do you know about the company’s response? And what should customers do to protect themselves?
A: Likely, yes. Ticketmaster notes on its website that it reached out to those affected, offering credit monitoring services. It appears they have since been rolling out multi-factor authentication (MFA) and have recently changed ticket transfer requests to start 72 hours before the event.
Other breaches have likely contributed as well. Many people reuse usernames and passwords across multiple sites, making them exponentially more exposed. To ensure an account is protected, always use unique passwords.
Customers should use long passwords and avoid reusing them across multiple platforms. One way to do this is by leveraging a reputable password manager. Second, use MFA everywhere possible. And be wary of giving account information away — whether it’s to ticket-sellers or via contest entries; anyone could be a target.
Ticketmaster said no passwords were exposed during the data breach earlier this year. Its review showed unauthorized activity on a cloud database hosted by a third-party provider that revealed “limited personal information” for some customers, all of whom were contacted and told what to do.
Q: What are the signs of a dodgy dealer? How can you spot a fraud attempt?
A: Some signs include urgent calls to action, too-good-to-be-true offers, sellers that cannot be easily verified online or on social media, an excessive number of positive online reviews, and web pages requesting personal information that do not use a secure “https” connection.
Fake websites can also be masked as legitimate websites, and can be difficult to spot. Prospective ticket buyers should use a security subscription that prevents them from putting information into these websites unless needed.
Q: Are there new techniques being employed because of the crazy interest in Swift’s shows?
A: Yes, some bad actors are hacking social media accounts to try to obtain tickets from the account owner’s contacts. This isn’t new, and it’s not just happening to Taylor Swift fans. But the scarcity of shows and available seats, and the prices fans are willing to pay for tickets is making it particularly attractive to scammers.
Q: Overall, what’s your advice to steer clear of scams and identity fraud?
A: Staying safe from scammers starts with excellent password hygiene, especially for the email address to which all password reset requests are sent.
Prospective buyers should also use reputable vendors with “replace and refund” policies in place. Only enter contests organized by known and trusted businesses. If tickets are being transferred, verify the details of the transaction by calling the seller directly to confirm their identity.
Q: What does Ticketmaster say about its ticket security?
A: Our digital ticketing innovations have greatly reduced fraud compared to the days of paper tickets and duplicated PDFs, said a Ticketmaster spokesperson. Having that digital history is also how we are able to investigate the situation and restore fans’ tickets in nearly every case, with most getting confirmation that their tickets were recovered within 48 hours.
The top way fans can protect themselves is setting a strong, unique password that isn’t used elsewhere for all accounts — especially for a personal email, which is where many security issues originate.
Scammers are looking for new cheats across every industry, and tickets will always be a target because they are valuable. Ticketmaster is constantly investing in new security enhancements to safeguard fans. Some you will see, such as increased MFA checkpoints and password resets, while others work behind the scenes.
More information on protecting against ticketing scams is available at Ticketmaster’s blog.