The campaign, uncovered by Sophos Labs, is “a good old bait-and-switch campaign” that draws victims in with a promise of hard-to-get tickets. The bait of course is the tickets, and the switch is actually more of a catch: people can’t proceed without sharing the Facebook page that promoted the site, before seeing what the site was all about.
As Sophos researcher Paul Ducklin explained in an analysis, in the Rolling Stones case, “you had to wait until ten of your friends had clicked through via your uniquely coded web link before you could join the supposed queue for free tickets.”
One Direction comes a bit dearer: “No disrespect to Mick, Keef, Charlie and Ronnie, but to get into line for 1D tickets, Directioners need to get 15 clicks via their personalized web links, not just 10,” Ducklin said.
There’s also another “structurally-identical scam trying to suck in dance music fans,” he said, by offering tickets to this year's Tomorrowland event in Belgium.
Clearly the scammers are attempting to go viral, to have users share the site and push friends into visiting it.
But to what end? The hassle factor seems to be primary: if users take anything more than a cursory look at the offer, they end up actively recommending the scams to friends. And they’re just becoming pawns in what seems to essentially be a social networking equivalent of a chain mail letter: once the page is shared, there’s no way to tell how many times the personal link has been clicked – if you click on it a new unique link is presented with a click count of zero.
In all three scams, the websites state that the free tickets will take three to five business days to arrive. The Stones and One Direction sites claim, “Since we are from the UK, the shipping time is different from country to country,” while the Tomorrowland scam swaps “UK” for “Belgium.”
Ducklin noted that the relationship between the scams is obvious, because they all seem to be driven by the same templating system; they all work in the same way; and two of them are hosted on the same server. But in attempting to track down the origin of the issue, the two claiming a UK provenance have .com web addresses that resolve to a server in Switzerland, while the scam supposedly from Belgium has a .eu web address that is hosted on a server in the US.
“The registration details for the three domain names are all different: one lists an individual claiming to be in Germany; the other two shield the real registrants behind registration proxies in Panama and The Bahamas,” Ducklin said, illustrating the shadowy shell game that characterizes the cyber-underground.
Bottom line? “We urge all Rolling Stones fans, as responsible grandparents, to explain to their grandchildren why there aren't any free tickets at the end of scams like this,” Ducklin said. In other words, be aware before you share.