Experience Fraud: From Taylor Swift to the Olympics

Many music, sports, and theatre lovers have joined a virtual ticketing queue and failed to secure a ticket. Some ticket seekers end their search there, but for others it is simply the beginning. Fans are turning to online marketplaces, chat forums, and ticket resellers to find seats. Some people expand their internet hunt for accommodation to maximize their experience. But as the excitement and drive for tickets and hotels thrive, so does the threat of fraud.

Scammers use sophisticated techniques to dupe eager fans, and high-profile events are particularly vulnerable because demand exceeds supply. Many fans of singer-songwriter Taylor Swift became victims when threat actors exploited the popularity of her Eras Tour to create counterfeit tickets, sell the same legitimate ticket to multiple buyers, or fail to provide a ticket after payment. Lloyds Bank estimated that UK fans lost approximately £1 million (over $1.25 million USD) to Taylor Swift ticket scams. In addition, they reported that “90% of fake ticket sales were made via Facebook.” In July 2024, threat actors demanded that ticket vendor Ticketmaster pay a ransom to prevent the release of hundreds of thousands of alleged Eras Tour ticket barcodes. The vendor clarified that the static barcodes were of no value because their technology refreshes the barcodes every few seconds. Law enforcement has identified similar scams exploiting the Paris 2024 Summer Olympic Games.

Online marketplaces offer convenience and ease of browsing as part of social media platforms. This appeal also makes them popular with fraudsters. Santander reported that ticket fraud via online marketplaces has “doubled compared with a year ago — soaring by 144 per cent.” Platforms like Facebook and X (formerly Twitter) support peer-to-peer transactions, enabling users to sell pretty much anything to anyone. Transactions are typically not regulated. Scammers can also target specific groups and chat spaces that are based on specific demographics, locations, or interests.

Threat actors have broadened their schemes to target individuals seeking accommodation for these events. Taylor Swift fans preparing for her performances at Wembley Stadium reportedly fell victim to sophisticated scams through platforms like Airbnb. Fraudsters created fake listings for nonexistent accommodations to deceive concertgoers. These scams are becoming more common and leave victims without their money or a place to stay.

Fans can take several preventative steps to avoid “experience fraud”:

Always purchase from reputable sources. Reputable ticket sources may include the event's official website, authorized ticket sellers, or verified resale platforms. Fans can identify reputable sources by navigating from the artist or event’s official page or by checking for sellers on websites such as Society of Ticket Agents and Retailers (STAR). There is usually little recourse for victims on unregulated marketplaces used by social media. Trustworthy sources typically guarantee a ticket’s authenticity and offer buyer protection, providing processes for disputes and refunds. Similarly, use reputable booking platforms for accommodations and check for an established history of verified customer reviews. Read reviews carefully for possible fake reviews or “red flags”. Research the property by cross-referencing the listing with other travel websites, checking Google Street View, and asking the host for additional photos or information.
Be wary of offers that seem too good to be true. Advertisements for significantly discounted tickets, luxury rooms, or seats or accommodations in prime locations are often used as a trap to attract potential victims. Some threat actors use pressure techniques to secure a quick sale. If something doesn’t feel right, walk away.
Use secure payment methods. Credit cards and PayPal have mechanisms in place for disputing fraudulent charges. These mechanisms provide an added layer of protection for buyers and processes for seeking help if problems arise. Always refuse to purchase with cash or wire transfers.
Verify websites’ authenticity. Fraudsters leverage techniques such as typosquatting to trick victims into visiting malicious websites. The domain name and website may mimic a legitimate source to convince victims the transactions are authentic. Threat actors often purchase variations on a popular domain to target users who accidentally misspell the official website address in their browser. SEO poisoning is also an increasingly popular tactic to manipulate search results and redirect users to malicious websites. To evaluate the authenticity and security of a website, consider factors such as encryption status, customer reviews, spelling in the URL (including watching for replacement of visually similar characters, such as an uppercase “i" instead of a lowercase “L”), and formatting and content of the web pages. If you visit a website or application that appears malicious or untrustworthy, then close it, clear the cookies and site cache from your web browser, and delete the page or application from your browser history. If you provided credentials or financial information, escalate the incident with appropriate organizations (e.g., your bank or credit card provider, the legitimate vendor) and change your password.

Experience fraud can have financial and emotional consequences. The following organizations provide guidance and support for victims:

Scammers will continue to target music, sports, and theatre fans, but awareness and caution are powerful tools in combating it. Being diligent in where and how you purchase tickets and accommodations can help you avoid becoming a victim.

Learn about other accommodation-related fraud in Vidar Infostealer Steals Booking.com Credentials in Fraud Scam.