TicketWeb, an online ticket sales website, was attacked in a phishing scam on Feb. 11, 2012.
TicketWeb, a subsidiary of Ticketmaster, is a primary ticket site that is dedicated to serving independent venues and promoters. TicketWeb currently operates sites based in the United States, U.K., and Canada. Its clients include the Pitchfork Music Festival, Café du Nord in San Francisco, and the O2 Academies in Europe.
According to a statement from TicketWeb, users of its site were sent as many as four separate emails that stated the site was launching a new PDF version of the site. The emails prompted users to click through to a PDF on a third party website that instructed the user to enter sensitive data, including credit card information.
The attack affected only customers of TicketWeb’s U.K. site. TicketWeb released the following email to customers following the series of phishing emails: “We have discovered that our Ticketweb UK direct email marketing system was exposed to unauthorized access.” The email also instructed customers to delete the suspicious series of emails.
TicketWeb has also stated that any credit card information held by the website was not “vulnerable during the attack.” However, the site is encouraging any customers who may have fallen victim to the phishing attack and entered credit card information into the third party PDF form to “contact their card issuer immediately for advice in respect of the best course of action to take in their particular circumstances.”
According to TicketWeb, the site has since taken steps to prevent any additional “vulnerability” to the site, and will be continuing to investigate the situation. Once more information becomes available, TicketWeb will inform their U.K. customers via email.
Phishing scams are an unfortunate by-product of internet commerce. According to the Federal Trade Commission (FTC), phishing scams are fairly common and frequently involve “internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.”
While the world of online ticket sales has remained relatively unscathed by such scams of late, TicketWeb’s recent attack is certainly not the first instance of phishing attacks.
This past October 2011 saw certain StubHub customers receive phishing emails informing them of a phantom purchase made by their account and prompting them to click through to a third party website to re-register their StubHub accounts. Like TicketWeb, StubHub took immediate action and urged customers to change their passwords.
If you receive communication from any site that instructs you to re-enter personal information, the FTC recommends you first contact the website for clarification before clicking through any links contained within the email. If you believe you have received a phishing email, the FTC recommends reporting the email both to the company involved and to the FTC.