Boxing Bill Phishing Attack

Monday, October 31, 2011 @ 06:10 PM gHale


An email scam masquerading as an order confirmation from StubHub landed in mailboxes last week.

The San Francisco-based online ticket broker, a subsidiary of eBay Inc., first learned of the scam Thursday morning, and within a few hours phone calls started coming in, said spokesman Glenn Lehrman.

RELATED STORIES
RSA Attack Traces to China
XML Encryption Insecure
Hacking RFID Smart Cards
Two Groups Join in RSA Attack

The company placed a warning notice on its home page advising recipients not to click on any link in the email. Lehrman said the company has been sending messages out through social media to notify customers.

The Better Business Bureau is also working with the StubHub to warn consumers.

Here are the highlights of the attack:

The email looks like a receipt for an order for two tickets to a boxing match in Las Vegas on Nov. 12. It looks like StubHub sent it, and the charge is for $2,766.95.

Lehrman said no charges have hit any accounts. The email apparently went to both StubHub users and individuals who have never purchased tickets from the site.

Like any phishing scam, the fake email is aiming to dupe recipients into clicking on the embedded links, in an attempt to obtain sensitive information like credit card account numbers and passwords.

StubHub does not display credit card details on its site, but Lehrman said it is possible to order tickets from an established account using stored payment information.

Anyone who clicked through the email and entered StubHub account information should go to the company’s website and change their password as soon as possible, which will make it harder for the scammers if they attempt to access accounts.

The fake StubHub email appears to have come from Eastern Europe, Lehrman said. That’s a common origination point for online scams.

Phishing usually steals financial information or personal information. Individuals who believe they’ve fallen for such a scam should report it to the Internet Crime Complaint Center, or IC3, which is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.



Leave a Reply

You must be logged in to post a comment.