On both Ticketmaster and Facebook, and many other sites, when you perform a search on their support site it spits back your query in big letters at the top of the page. If you craft the correct search and then buy Google Ads pretending to be Ticketmaster, then you can redirect users to your call center and scam them. And because the link for your ad actually points to Ticketmaster, the ad passes validation and appears to be a legit link in the eyes of Google.
Example of a crafted search term: https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93...
Yuck all round. I mean Ticketmaster is just a sin-eater for greedy popstars, but yuck...
Yes, but also it's an impressive digital Jedi mind trick on a website.
signs a question mark with hand
"This is the support number you're looking for."
And the victim is extra primed here because so many companies make it nearly impossible to talk to a human. Yikes!
Almost seems like there's room here for a grey hat to come in and use this trick to do a good faith job trying to help the customer through their problem. Then tell them at the end that a recent anti-trust suit requires them to tell the customer about alternate independent venues in their area where they can support live music.
Bonus points if you point to the actual anti-trust suit!
https://www.justice.gov/archives/opa/pr/justice-department-s...
... call the scam numbers to tie up their staff and prevent them from talking to potential victims. Someone like Kitboga could do this at scale. Where there's a phone number, there's a way.
Here's a real example from the same thing happening on FB (don't call that number) https://i.redd.it/w9htjqflgjle1.jpeg
Tried tapping that link on mobile, got a screen to view the corresponding post. Tapped it, and I got taken to the App Store. No thanks, force quit the App Store and go back.
Now I get a full-screen notice on the original Reddit tab saying “didn’t go where you expected? Next time try the long press!” with instructions to not use private browsing and to long press any link and open in Safari. (What? You, Reddit, are the ones trying to force me to use your app!)
So I long press like they say, open in new tab, and what do I see? A large blank page that just says “REDDIT” in all caps, with the button “Get the app” on the bottom. The link was just to “reddit.app.link” the whole time.
Can’t a company that has a website just … let me use the website? At every possible turn, Reddit HATES anyone using Reddit from a browser. They will ruin every single aspect of the website they possibly can to try to push you to the app. The entirety of reddit.com seems to be just a broken honeypot to get you to use the app instead. I just can’t fathom how a company can be that broken.
Just delete the Reddit website, it would make more sense.
search all of your friends and connections". You may have lost access to your friends and family. To fix this you need to call ... I caught it right after I tried to log in (one of the few sites where I remember the password and don’t have it in a manager). Reset password.
Man did I feel dumb.
I searched the financial institution a few times and the fake ad came up a bunch. I reported but the trust has been broken.
Source: I've also thought this was ridiculous and asked someone working on the AdSense team. Apparently they tried enforcing some domain verification mechanism in an experiment, but most companies and agencies struggled to get the verification done and of course the $ metrics on this launch dropped, causing execs to force them to stop.
Apparently Live Nation owns many performance venues and leverages their power in that market to gain an advantage in the ticket sales market. “Sell through us or you won’t be allowed to play at any famous venue in this city” kind of deal.
Don’t have any sources beyond “heard it on a podcast” though ¯\_(ツ)_/¯
One version involves sending money to someone with the PayPal account (so the target might think it was sent from their own account) with a "note" to the transaction recipient, which the target sees, which says PayPal has detected unusual activity and please call this phone number to request a refund.
Another involves a "Your ITEM NAME order is on its way" email where the item being ordered is called something like, "Some Company, Inc: Don't recognize the seller? Call us at SOME PHONE NUMBER".
A third is like the second, except it's a "You paid CURRENCY to SELLER" email. This one has the PayPal user's name at the top, so not as convincing perhaps.
Having personal issues with Ticketmaster's pricing methods (causing many to probably never want to do anything that might help) is a different issue than the website being used as a source for redirecting calls to fake call centers.
Since they escalated maybe something will get done. Ticketmaster would have a motivation, if large numbers fall prey to diverted call center scams it only makes their reputation flounder even worse.
(...obvious joke here would be if the scammers actually offer better support, they're just trying to steal call center business)
https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93&query=help%22%20%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%E2%A0%80%20Need+Ticketmaster+Support%3F+Call+this+phone+number+-%3E+1-888-BIG-SCAM
If only the Ticketmaster team could show ads on that domain, all these ads would have to go through their marketing team (and use Ticketmaster's budget, with all the accounting and invoicing this requires), which would massively slow things down.
Instead, it seems that Google has some kind of protection where ads mentioning Ticketmaster must link to their official domain, to prevent things like this from happening. The scammers just found a way for that domain to display arbitrary text.
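The reflected-query heading described in the first comment, and the padded URL quoted just above, as an added example (not code from the thread, from Ticketmaster, or from Google). The padding trick relies on U+2800 BRAILLE PATTERN BLANK: it renders as empty space but is not ASCII whitespace, so a naive trim leaves it alone and the "call this number" text lands in the big heading. The example shows the raw echo beside a hardened version that collapses invisible code points, normalizes, and caps the length, plus a review heuristic for queries that pair heavy padding or call-to-action wording with a phone number. The sample URL, its 20-blank padding, the `query` parameter name and the regexes are constructed for this example; the fake number is the one from the thread.

```python
import re
import unicodedata
from urllib.parse import parse_qs, urlsplit

# Code points that render as blank but are not ASCII whitespace, so strip()/split()
# ignore them. U+2800 (BRAILLE PATTERN BLANK) is the padding in the thread's URL;
# the others are common look-alike fillers (assumption: list is illustrative, not complete).
BLANK_LOOKALIKES = {"\u2800", "\u3164", "\u115f", "\u1160", "\ufeff"}

# Constructed sample, modelled on the URL in the thread with the padding shortened
# to 20 braille blanks. The phone number is the thread's obviously fake one.
SAMPLE_URL = (
    "https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93&query=help%22%20"
    + "%E2%A0%80" * 20
    + "%20Need+Ticketmaster+Support%3F+Call+this+phone+number+-%3E+1-888-BIG-SCAM"
)

# North American number with an optional vanity-letter exchange/subscriber part
# (so 1-888-BIG-SCAM matches). Assumption: good enough for a review queue, not a validator.
PHONE_RE = re.compile(r"(?:\+?1[\s.-])?\(?\d{3}\)?[\s.-]?[0-9A-Z]{3}[\s.-]?[0-9A-Z]{4}\b")
CTA_RE = re.compile(r"\b(call|phone|dial|support|helpline)\b", re.IGNORECASE)


def query_from_url(url: str) -> str:
    """Return the decoded `query` parameter, as the help site's search handler sees it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("query", [""])[0]


def is_invisible(ch: str) -> bool:
    """True for characters that occupy space on screen without showing a glyph."""
    return ch in BLANK_LOOKALIKES or unicodedata.category(ch) in ("Zs", "Zl", "Zp", "Cf", "Cc")


def heading_vulnerable(query: str) -> str:
    """What the thread describes: the raw query echoed, in big letters, as the page heading."""
    return f"Results for: {query}"


def sanitize_query(query: str, max_len: int = 60) -> str:
    """Collapse invisible padding to single spaces, normalize compatibility forms, cap length."""
    text = "".join(" " if is_invisible(c) else c for c in query)
    text = unicodedata.normalize("NFKC", text)
    text = re.sub(r"\s+", " ", text).strip()
    if len(text) > max_len:
        text = text[:max_len] + "..."
    return text


def heading_hardened(query: str, max_len: int = 60) -> str:
    """Heading that cannot be stretched into a padded, full-width scam banner."""
    return f"Results for: {sanitize_query(query, max_len)}"


def looks_like_callback_bait(query: str) -> bool:
    """Queue-for-review heuristic: a phone number plus either heavy invisible padding
    (5 or more non-space invisible code points) or a call-to-action word nearby."""
    padding = sum(1 for c in query if is_invisible(c) and c != " ")
    has_phone = PHONE_RE.search(query) is not None
    has_cta = CTA_RE.search(query) is not None
    return has_phone and (padding >= 5 or has_cta)


if __name__ == "__main__":
    q = query_from_url(SAMPLE_URL)
    print(repr(heading_vulnerable(q)))
    print(repr(heading_hardened(q)))
    print("flag for review:", looks_like_callback_bait(q))
```

The sanitized string still has to be HTML-escaped at render time; this only addresses the padding and length abuse. The more robust fix, which the thread's commenters are circling, is not to echo the query in a prominent banner at all, and to treat search URLs that trip the review heuristic as abuse signals rather than as legitimate traffic.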
Imagine you have the creativity and criminal energy to conceptualize and operate something like this (and the rat tail of justice evasion, laundering money, etc). It seems so much easier to make money in the honest economy.
Unless of course you're operating for a rogue state...
> Outdated Wordpress plugins and CMS systems
No surprise, having worked in edu the following scenario was very common:
1) Researcher gets a grant for a project
2) Grad student sets up a Drupal site for the project
3) Things are maintained and updated for a couple of years
4) Grant runs out, project wraps up, student graduates, everyone forgets about the server which sits unattended and unmaintained.
Still happens, but most universities have really clamped down on the ability to just stand up a web server on the network. Many are requiring everything to be on a centrally managed enterprise CMS, which is a PITA, but that's the fallout from too much sloppy administration.
Well that's fine; my school did the same thing and other than feeling wasteful there was no-
> All normal ports were open - ssh, http(s), you name it. It was the OG zero trust architecture.
Oh. Yeah, open ports by default is... an interesting life choice.
At my old university even printers had public IP addresses.
We could also get external IPs and connectivity without much supervision. Core security needs to be prioritized to keep this from happening.
This is sad to see; these tools are forced on so many companies in the name of "compliance" while totally not worth the maintenance and cost overhead. Apparently they haven't gotten any better in the last decade.
https://www.virustotal.com/gui/url/6dd23e90ee436e1ff066725aa...
> BitDefender - government
> Sophos - government
> Forcepoint ThreatSeeker - government
gta 5 site:europa.eu https://www.google.com/search?q=gta+5+site%3Aeuropa.eu&hl=en
Watch full site:europa.eu https://www.google.com/search?q=Watch+full+site%3Aeuropa.eu&...
Technically it might not be a "data leak", but it very well could result in one if arbitrary content (including js?) can be uploaded to these webpages?
After some people started publicly naming and shaming on LinkedIn and tagging ENISA, the issue got some exposure, but still was not fixed. It only made it more evident that several people independently reported these issues, and they became aware of peers stumbling over the issue. Still nothing happened.
ENISA is supposed to act as a CNA and expects to be notified of data breaches from EU-based orgs for PSIRT / CSIRT as part of the Cyber Resilience Act and other laws.
Would I trust that vulnerability data reported as a CVE, or a breach notification, is safe with ENISA?
... feck no!
Would I trust that documents that europa.eu hosts on its infra are authentic? (such as security-compliance documents telling orgs how to properly implement security, but literally any public communication under one of the domains)
... hecking heck no!
... At this stage I think everyone else except ENISA has control over their infrastructure.
I have been advised not to disclose specific vulnerabilities since the parties involved are not the most friendly and transparent in handling security reports. While most of these got reported and some even got fixed, I can only disclose high-level details of the compromise path. Some just ghosted me after conveniently fixing the flaws, and one even gave me a phone call, which was somewhat scary and perhaps not worth the adrenaline.
What an unprofessional sysadmin move, borderline infuriating.
It’s very interesting to look at from the outside, thanks for sharing.
The misspellings and grammatical errors (used to?) continue on the fake sites that are created to steal credentials, and the excuses for most of the reasoning regarding emails do not hold there.
Economically, the scammer wants to do everything they can to get rid of smart or diligent people who might be harder to scam at the expensive part. It feels like it would cost scammers to not have typos.
Also, anecdotal, but the rise of autocorrect, spell checking and LLMs doesn't seem to have made any impact on the quality of spelling in my spam folder over the past 20 years.
I don't know what the state of big corps netsec is today but these guys had it somewhat easy. They got initial access through weak wifi then pivoted with SQL injects and such.