Phishers reach targets via Eventbrite services
Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets.
“Since July, these attacks have increased 25% week over week, resulting in a total growth rate of 900%,” Perception Point researchers say.
The phishing emails impersonate legitimate companies
The phishing emails look like they are coming from Eventbrite because they are, but their content is crafted to impersonate legitimate businesses such as NLB Group (financial institution), EnergyAustralia (energy company), DHL (delivery service), Qatar Post (post service), and others.
An example of a phishing email sent via the Eventbrite platform (Source: Perception Point)
“Each email urges the recipient to take action: reset your PIN code; verify your delivery address; pay for an outstanding bill; pay for a package. These time-bound requests employ a social engineering tactic threat actors use to prompt the target to act fast,” the researchers noted.
The emails are also sent in multiple languages: English, German, Danish, Slovenian. “By personalizing emails by language and branding, the campaign is not only global but also highly adaptable, evading detection by traditional security measures,” the researchers noted.
Recipients who follow the provided link are taken to lookalikes of legitimate sites and asked to input their personal information, phone number, credit card details, login credentials, etc.
How cyber crooks misuse Eventbrite to deliver phishing emails
On Everbrite, anyone can set up an account and create a new event. The phishers sign up and create fake events under the guise of a reputable brand and embed phishing links within the event description or attachment.
This allows them to send emails via the Eventbrite platform.
“The attacker can enter any email address; it is equivalent to sending an invite – it doesn’t matter if the email address has registered for the event. The emails are targeted and not random. The recipients also do not have to be an Eventbrite user to receive the email,” the researchers told Help Net Security.
“According to Eventbrite, users can send up to 250 promotional emails per day. If they have a PRO package, then it’s a range between 2,000 – 10,000 emails per day. An attacker creating multiple accounts a day could multiply this reach substantially: For instance, with four free accounts, an attacker could potentially send 1,000 phishing emails daily. Although less probable, if attackers leverage the service’s paid Pro plans, they could increase their reach further depending on the plan tier. We do not know if they are doing this, though.”
If the email fools email spam filters – thanks to being sent via Eventbrite’s verified domain and IP address – they land in users’ inboxes, showing noreply@events.eventbrite.com as the sender’s email address.
While the discrepancy between that email address and the email content is obvious to some, others will not even register it and may fall for the social engineering tactic employed.
We have reached out to Eventbrite to ask what steps they are taking to prevent the misuse of their services, and we will share their response when we get it.