Dozens of Billie Eilish fans have had their tickets stolen from their accounts in what is an increasingly common occurrence when major artists come to Australia.
In some cases, fans didn’t realise their tickets were gone until they turned up at the venue.
It’s a year after Taylor Swift’s record-breaking Eras tour, which became a target for online thieves looking to take advantage of fans desperate to get tickets.
Taylor Swift’s Eras tour was the target of scammers when she toured Australia last year. (Getty Images)
Third-party breaches lead to scam
A Ticketek spokesperson said the thefts were likely the result of a third-party breach.
Account holders’ usernames, emails or passwords were likely leaked and sold on the dark web to criminals, who then logged into their Ticketek accounts.
From there, hackers can sell the tickets to someone else, who could be unaware they’ve purchased stolen tickets.
Shameela Gonzalez from cyber security company CyberCX said scammers are manipulating their targets.
“Scams typically require an individual to be the participant and they’re an innocent victim who doesn’t realise they’ve been manipulated,” she said.
“In this instance they haven’t even been a willing participant, a lot of it is to do with information theft.”
Shameela Gonzalez recommends using strong passwords that are unique to each account to avoid being scammed. (Supplied)
How do criminals get passwords?
Ms Gonzalez said criminals have a lot of different ways they can steal a person’s details.
“They can steal email addresses from almost anywhere and unfortunately a lot of people still innocently put obvious passwords and maybe don’t go to the effort of making really complex ones,” she said.
If you’ve used the same password and username combination across multiple websites it becomes even easier for the hacker, Ms Gonzalez said.
“Once they’ve landed on that combination, then it’s just a spray and pray exercise of figuring out how many different other areas you might have used that same combination.”
If that combination happens to be the same one used for your Ticketek account, then they can log in and access any tickets you have there.
What happens if my tickets are stolen or sold?
A Ticketek spokesman said customers should file a police report and contact customer service if they believe their tickets have been stolen.
Ticketek will work with customers to resolve the issue if the original ticket holder can demonstrate they originally purchased the tickets, their information has been legitimately compromised and the sale was fraudulent, they said.
Ticketek said Australia is a “global hot spot” for account phishing and scams.
The spokesperson said Ticketek was working to strengthen security, including security alerts like multi-factor authentication for key account changes.
How do I avoid having my account breached?
Multi-factor authentication (MFA) and a password manager can be an extra defence against hackers.
“If it requires you to use Face ID or another level of authentication where you store those passwords, that’s a good security measure,” Ms Gonzalez said.
With several high-profile data breaches in recent years, it’s easy to become fatigued by the warnings or to ignore an email about a website breach.
But Ms Gonzalez said that’s making it a lot easier for criminals.
“Your information is your most valuable asset, so if you do become aware of the fact your credentials may have been breached, you do have to act quickly.”
Scams becoming more ‘lifelike’
Ms Gonzalez said scammers are becoming more sophisticated.
“I know the word AI gets thrown around a lot, but actually the real power of artificial intelligence in the hands of a criminal is how bespoke and realistic they can make their attempts,” she said.
Phishing scams — where criminals try to get innocent users to click malicious links or download malware-filled files — are becoming harder to detect, Ms Gonzalez said.
“The landscape when it comes to online fraud, identity theft and scams is getting faster and bigger in volume, and they are becoming more lifelike and sophisticated and harder for individuals to pick up.”