Footy lovers hit in Wembley playoff card snatch scam

Man on - in the middle, claims club

Provider Ticket Zone is continuing a joint investigation with Brentford Football Club after it emerged that card details used to buy tickets for the League One playoff final last weekend were subsequently used for fraudulent purchases.

Yeovil beat Brentford 2-1 to reach The Championship on Sunday, piling on further misery for many Bees' supporters who had been stung by the fraudulent purchases. Fan Derek Abbey first heard of the apparent scam on a Bees' forum before discovering £380 in fraudulent Oyster Card payments had been deducted from his account, the BBC reports.

Reg reader Faisal told us he was also hit.

"It appears that fraudsters were able to access my online banking account and I don’t think it was my PC that was compromised," he said.

These cases were far from isolated, prompting Brentford and Ticket Zone to launch a joint investigation. Initial forensic work points to a “man in the middle” attack rather than a problem on Ticket Zone's systems or something linked to malware on consumers' PCs, the latest statement on the investigation explains.

Brentford Football Club is continuing its investigation to find out why some card details of those using Ticket Zone to purchase tickets for the npower League One Play-Off Final were compromised.

The Club learned last week that some cardholder data from those buying tickets for the match online had been used fraudulently.

An investigation was immediately launched and initial forensic work pointed to a “man in the middle” attack.

An independent investigation of Ticket Zone’s systems and those of the specialist online queuing company, Queue-it, is now underway and the Police Active Fraud Department have been informed about the security incident and are also investigating.

An investigation as serious as this will not, unfortunately, be resolved quickly.

Brentford FC acknowledged a "great deal of inconvenience has been caused to supporters" and promised it "will not rest until the full details of what has happened have been made public". It encouraged fans to report problems to Ticket Zone, the official club online sales ticketing partner.

An earlier statement, issued shortly after complaints began and the investigation was launched last week, states that Ticket Zone does not store customer card data.

Ticket Zone does not store customer card data at any point and all information is stored in a secure token system that is approved and provided by its banking partner.

Further examinations have also been undertaken in conjunction with the Danish IT company, Queue-it, who provided the front-end queuing system ahead of the Ticket Zone site.

Once again, all systems are shown as clean.

However, following an investigation, it has been noted that a small number of attempts to access the site from unknown web destinations have arrived through unauthorised links shared via social media sites.

Ticket Zone has commissioned forensic specialists to assist their own technical teams with the on-going investigations.

All investigations point towards a MITM “man in the middle” attack intercepting internet traffic prior to landing on the queuing site.

An attack like this would allow a fraudulent third party to record key strokes as they are being made on the customer’s own browser.

When this occurs, neither the customer nor Ticket Zone is aware that fraudulent data capture is taking place behind the scenes.

The crime has been reported to the Police via Active Fraud UK and they are now investigating this on Ticket Zone’s behalf.

Supporters of Bradford City buying tickets through Ticket Zone for the League Two play-off final may also have been hit by fraud, according to local reports in Yorkshire. The pattern of fraud seems to be much the same as in the Brentford case, with one Bradford fan getting hit with a £900 fraudulent PayPal charge and another getting stung for £50 in scam mobile phone top-up charges. The fraud involving Bradford City fans has also become the subject of a police investigation, the Bradford Telegraph & Argus reports.

Bradford City FC, which gained promotion to League One in a League Two play-off final at Wembley last Saturday, is yet to comment on the matter.

Ticket Zone is yet to respond to our request to comment on the matter. We'll update this story as and when we hear more. ®
