Spoof Eventbrite phishing emails look to lure in victims in major attack

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

Cybercriminals are increasingly abusing Eventbrite to run successful phishing campaigns, experts have warned.

A report from cybersecurity researchers Perception Point claims to have observed a 900% growth in the rate of such email attacks recently.

The method is quite simple - a malicious actor will register an account with Eventbrite, and set up a fake event under the guise of a reputable brand, with crooks already impersonating the likes of airline Qantas, toll ecollection system Brobizz , web hosting platform One, DHL, EnergyAustralia, and Qatar Post.

Phishing deluge

Creating an event then allows the hackers to create emails through the Eventbrite platform, which is where they draft the phishing messages.

“These emails can include text, images, and links, all of which are prime opportunities for attackers to smatter in malicious content,” the researchers explained. “The attacker then enters their list of targets (or “attendees”) and sends them the invite email.”

Eventbrite is an online platform where users can create, promote, and manage different events. Organizers can use it to sell tickets, and track attendance. Its tools can support different events, from concerts and festivals to workshops and conferences. On the other hand, consumers can use it to browse different events and purchase tickets.

Obviously, the tool also has its own mailing system, through which it can notify users of new events, changes in schedule, and more. Now, security pros are saying that this mailing system is being abused to send phishing messages that are more likely to bypass any email security set up.

In the usual phishing manner, victims are asked to urgently login to solve a problem, and during the process, they share personal information such as login credentials, tax identification numbers, phone numbers, credit card details, and more.

What makes this phishing campaign particularly dangerous is the fact that all emails are sent from the noreply@events.eventbrite.com domain - a trusted name that also makes it past different email filters.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.