Some customers of ticket resale marketplace StubHub.com have been targeted by an online phishing scam, the company announced today, October 27.
At the top of its Web site homepage, StubHub alerted customers to the scam and advised them to change their account passwords if they clicked any links in the phishing e-mail.
“We are aware that some people have received an e-mail regarding order number 47223311, which they did not place,” the warning stated. “The e-mail is a phishing e-mail, and was NOT sent by StubHub or any affiliate. Your credit cards have not been charged. Please DO NOT click on any link in the e-mail.”
The warning continued, “If you have logged in to your account via one of the links in the e-mail, you should log into your StubHub account immediately (https://www.stubhub.com/account/) to change your StubHub password. If you have not clicked on any of the links contained in the e-mail, you can safely delete it.”
A StubHub spokesperson told TicketNews that the company did not have any further comments about the incident beyond the published warning.
The company did not disclose when the fake e-mails began turning up in customers’ inboxes, how many customers received them, or how many people may have fallen victim to the scam.
According to the Federal Trade Commission, phishing scams entice victims to provide personal information — such as “credit card numbers, bank account information, Social Security number, passwords, or other sensitive information” — through spam or pop-up messages.
Phishing e-mails often direct victims to a fraudulent Web site that mimics a company’s actual site. Once on the fake site, the person is asked to “update,” “validate,” or “confirm” certain account information, such as the fictitious ticket order in the StubHub case.