Burners Beware: fake Burning Man tickets now on salefor a few hundred dollars

The elusive and wildly popular Burning Man Festival—a weeklong community and art celebration held annually in the Nevada desert—launches its official ticket sales on 26 February. However,
Kaspersky experts have uncovered a phishing website dedicated to Burning Man that has been actively selling fake tickets since the end of Januaryfor just $225,
which is actually about two times less than the cheapest Burning Man tickets officially available.
Phishing—a type of cyberattack aimedat acquiring sensitive data by posing as legitimate organizations—
is one of the most popular types of attacks launched by cybercriminals to collect data that can be usedto access victims’ financial accounts.
Just recently, in Q4 2019, out of the total volume of phishing attacks, 52.61% were attempts to load phishing webpages that sought to steal financial data and accounts at online banks and stores—a 9.42% percent increase from the previous quarter.
Popular events like Burning Man, where demand is high and tickets are limited (attendance was capped last year at 80,000), are prime targets.
That’s why Kaspersky experts weren’t surprised when they uncovered the fraudulent website.
Visitors are given the opportunity to purchase seemingly official tickets to the Burning Man festival when, in reality, thosedon’t go on sale until 26 February.
As a result, victims are at risk of not only losing several hundred dollars,
but also unwittingly giving awaypersonal information like their name,
telephone number,
and email address, all of which could help cybercriminals launch future attacks.
The homepage is designed as an almost exact replica of the official webpage, but a closer look gives its true identity away:
it was registered January 26, 2020 for one year under the name of a private individual rather than a company.
In addition, if the victim is from Russia or a CIS country,
they are redirected to a local e-currency website where they receive a warning that the payment will be transferred to an individual—rather than any kind of legal entity.
Both are highly suspicious considering that Burning Man is a massive project brought together,
by a large organization based out of the US—where online Russian
payment providers are not widely used

On the left is the official Burning Man website. On the right isa phishing website designed as a near replica.

Users who visit the fraudulent site can purchase a “ticket” for $225.

They are then transferred to a “secure” payment page where they can input their card details and complete their purchase.

Scammers can then potentially use this personal info and the card details provided to make additional purchases,

under the card owner’s nameor resell the information on the black market to other cybercriminals for various malicious purposes.

“Phishing attacks are popular among cyber criminals for a reason:

they’re relatively easy to develop, anyone can fall for one, and they’re hugely profitable.

The Burning Man glossary has a word: Obitainium.

It means something useful obtained free.

A ticket that is significantly cheaper than usual is something that, to a certain degree, could seem like an Obitanium to a trustful person.

And that’s what fraudsters are counting on in this particular scam.

They hope people will take the bait and spend their money for nothing. For those who are planning to attend Burning Man this year,

we advise you to triple check that the ticket site is authentic,” says Tatiana Sidorina, security expert at Kaspersky.

شاهد أيضاً

أول بطولة لودو

Abu Dhabi hosts first Yalla Ludo Offline Tournament

Under the patronage and in the presence of Sheikh Sultan bin Khalifa bin Shakhbut Al …

اترك تعليقاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *