Cybercriminals are increasingly abusing Eventbrite to carry out successful phishing campaigns, experts warn.
A report from cybersecurity researchers Perception Point recently claims to have observed a 900% growth in the number of such email attacks.
The method is quite simple: a malicious actor registers an account with Eventbrite and sets up a fake event under the guise of a reputable brand, with crooks already posing as airline Qantas, toll collection system Brobizz, web hosting platform One, DHL, Energy Australia and Qatar Mail.
Phishing flood
By creating an event, the hackers can then create emails through the Eventbrite platform, where they craft the phishing messages.
“These emails can contain text, images and links, all of which are excellent opportunities for attackers to learn about malicious content,” the researchers explain. “The attacker then enters his list of targets (or “visitors”) and sends them the invitation email.”
Eventbrite is an online platform where users can create, promote and manage various events. Organizers can use it to sell tickets and track attendance. The tools can support various events, from concerts and festivals to workshops and conferences. On the other hand, consumers can use it to browse different events and purchase tickets.
Naturally, the tool also has its own mailing system, with which it can notify users of new events, schedule changes and more. Now security professionals say this mailing system is being abused to send phishing messages that are more likely to bypass email security.
In typical phishing fashion, victims are asked to urgently log in to resolve an issue, and in the process they share personal information such as login credentials, tax identification numbers, phone numbers, credit card details, and more.
What makes this phishing campaign particularly dangerous is the fact that all emails are sent from the domain noreply@events.eventbrite.com – a trusted name that also passes several email filters.