Blog
Ask the Analyst: Nisos Events and Ticket Fraud Expert Kirk Maguire
Over fifteen million visitors, including 2 million international attendees, are expected to travel to the 2024 Paris Olympics. The opening ceremony alone is estimated to have 300,000 spectators, with 220,000 attendees receiving free tickets. Unfortunately, as we have seen with the Super Bowl and the NCAA Final Four, the sheer scale of the event makes it a feast for ticket fraudsters looking to make a buck off people’s desperation to attend.
In this blog, we interview Nisos Intelligence Analyst and ticket fraud expert Kirk Maguire about what to expect before and during the 2024 Olympic games. Kirk regularly investigates cyber, physical, and reputational threats to global events. His research has contributed to ticket fraud coverage in the Detroit Free Press, Fox News, Tech Times, and the Sun.
1. With the Olympics on the horizon, what trends in ticket fraud have you observed from other events we should expect to see?
As the event nears and people realize they want to be part of it and attend, they may seek to gain tickets through non-official streams. This may be a raffle that you would enter to be eligible for tickets. Raffles are common for international events, where the event wants to limit bias or one nation’s fans getting preference over another; it’s the luck of the draw that can drive feelings of scarcity.
Victims enter, sometimes not realizing official raffles for tickets were completed months earlier or perhaps knowing they missed out on the official raffles but feeling desperate for tickets. Out of desperation, they’ll search for tickets on social media and use avenues that are not encouraged by governing bodies and or the event organizers. That is where adversaries seek to capture victims and drive financial gain.
Most events we’ve looked at recently have had incidences of ticket fraud. That’s no surprise for big events like March Madness, the Super Bowl, and Taylor Swift concerts, but we’ve also seen if we put a call out for tickets to very niche events, we get prompt responses with offers of tickets. It doesn’t have to be a big event to be exploited. Threat actors are very opportunistic.
2. How is ticket scarcity exploited in these schemes? How early are these threats staged? Do they accelerate right before/during the event?
As soon as they get the vibe that there is going to be a scarcity element, one of the principles of social engineering, they latch on to that. “I have tickets, and you won’t be able to get them anywhere else. I’ll offer you a great price.” We see all of the typical social engineering techniques we would expect to see, especially emphasizing that they can make a quick sale and get you the tickets you asked for.
3. How does the Olympics being an international event complicate the process of investigating ticket fraud threats?
If it’s a big, popular event that an adversary knows people want to attend, chances are they have created tickets already and will resend us something they have used on other victims. The size and popularity of the event means adversaries may have a wealth of resources pre-staged, avoiding the need to create ad hoc tickets as requests come in. Some threat actor groups may share content, creating tickets for, say, Boxing or the Triathlon and making them available in a shared drive.
The popularity of the Olympics also means we likely won’t have to engage directly with scammers as often because victims will start to make themselves known. We’ll look for claims online that “I’ve been scammed by this account,” and we can start digging in there.
4. Have you seen AI used in ticket fraud schemes, and if so, how?
We are confident that they are using automation for victim detection, and that’s typically based on sentence structure. So if you post a message saying, “I am looking for tickets for X event,” threat actors have automation looking for those messages and can respond right away. These groups are highly competitive, so they want to be the first to respond because chances are there will only be one opportunity to scam each victim. If you’re going to be scammed, they want to be sure that they’re the ones doing it.
They want to be the first in your inbox and the first to reply. We’ve experimented with this by structuring the sentence for a ticket request differently each time and comparing the results. A slight change in word choice or order can yield different results, suggesting an element of Artificial Intelligence may be under the hood.
5. How else might ticket fraud evolve?
At the same time, social media is a haven for fraud and a great opportunity for attackers to find victims. The actual techniques they ultimately use come down to traditional social engineering techniques we have seen for over a decade. As people become more aware of ticket fraud schemes, the threat actors will have to provide greater amounts of proof to establish the trust needed to complete the ruse. Some of this will be through more sophisticated fake documents, like the tickets or purchase receipts.
We also see threat actors making a greater effort to justify why they are selling the tickets, coming up with stories that convince their specific target, and engender trust. We’ve seen explanations like “My spouse is in the hospital,” or “I have to travel out of the country suddenly for work and can’t attend,”– anything to seem more legitimate and encourage the sale.
Threat actors would put the time, effort, and investment in these schemes if they weren’t succeeding at that level, which is why it has become so competitive. It’s not going away anytime soon, unfortunately.
About Nisos®
Nisos is the Managed Intelligence Company. We are a trusted digital investigations partner, specializing in unmasking threats to protect people, organizations, and their digital ecosystems in the commercial and public sectors. Our open source intelligence services help security, intelligence, legal, and trust and safety teams make critical decisions, impose real world consequences, and increase adversary costs. For more information, visit: https://www.nisos.com.