Scammers created a fake website to masquerade as the organizers of Burning Man and to trick people into buying non-existent tickets for the arts event.
Kaspersky Lab discovered a fraudulent website that attempted to capitalize on people’s interest in attending the event. The site leveraged the same colors, fonts and design as “burningman.org,” the official website. Its URL also contained the string “burningman,” thereby adding an additional sense of legitimacy to the site.
Not surprisingly, the fake website also copied the original site’s ticket information section. But it differed in that it omitted the detail of users needing to register for a specific period in the ticket sale process. Instead, the site said that users could purchase tickets immediately by clicking a “To Buy a Ticket” link.
Researchers at the Russian security firm found that the website leveraged a sense of urgency to pressure users into acting quickly. As they explained in their research:
To hurry the victim along, the cybercriminals claim that only 300 tickets are left, and that the next batch will appear only a month later and at a higher price. The offer promises a “GUARANTEED benefit” of 150%, no less, though what that “benefit” might be is left to the reader’s imagination.
Once they clicked on the link, the campaign directed its users to a payment portal. This page instructed them to supply their personal and payment card details for the purpose of obtaining a ticket for $225. Not surprisingly, users who went through the payment process didn’t receive what they paid for.
The site described above isn’t the first time that digital attackers have attempted to prey upon Burning Man fans. Back in January 2018, for instance, VICE reported on the efforts of a company called “NYC VIP Access” to lure in people with fake pre-sale tickets.
Users need to take steps to protect themselves against scams involving Burning Man and other events that interest them. One of the ways they can do this is by familiarizing themselves about some of the most common types of phishing attacks in circulation today. This resource serves as a good starting point.