Feeds

Footy lovers hit in Wembley playoff card snatch scam

Man on - in the middle, claims club

Build a business case: developing custom apps

Provider Ticket Zone is continuing a joint investigation with Brentford Football Club after it emerged that card details used to buy tickets for the League One playoff final last weekend were subsequently used for fraudulent purchases.

Yeovil beat Brentford 2-1 to reach The Championship on Sunday, piling on further misery for many Bees' supporters who had been stung by the fraudulent purchases. Fan Derek Abbey first heard of the apparent scam on a Bees' forum before discovering £380 in fraudulent Oyster Card payments had been deducted from his account, the BBC reports.

Reg reader Faisal told us he was also hit.

"It appears that fraudsters were able to access my online banking account and I don’t think it was my PC that was compromised," he said.

These cases were far from isolated, prompting Brentford and Ticket Zone to launch a joint investigation. Initial forensic work points to a “man in the middle” attack rather than a problem on Ticket Zone's systems or something linked to malware on consumers' PCs, the latest statement on the investigation explains.

Brentford Football Club is continuing its investigation to find out why some card details of those using Ticket Zone to purchase tickets for the npower League One Play-Off Final were compromised.

The Club learned last week that some cardholder data from those buying tickets for the match online had been used fraudulently.

An investigation was immediately launched and initial forensic work pointed to a “man in the middle” attack.

An independent investigation of Ticket Zone’s systems and those of the specialist online queuing company, Queue-it, is now underway and the Police Active Fraud Department have been informed about the security incident and are also investigating.

An investigation as serious as this will not, unfortunately, be resolved quickly.

Brentford FC acknowledged a "great deal of inconvenience has been caused to supporters" and promised it "will not rest until the full details of what has happened have been made public". It encouraged fans to report problems to Ticket Zone, the official club online sales ticketing partner.

An earlier statement, issued shortly after complaints began and the investigation was launched last week, states that Ticket Zone does not store customer card data.

Ticket Zone does not store customer card data at any point and all information is stored in a secure token system that is approved and provided by its banking partner.

Further examinations have also been undertaken in conjunction with the Danish IT company, Queue-it, who provided the front-end queuing system ahead of the Ticket Zone site.

Once again, all systems are shown as clean.

However, following an investigation, it has been noted that a small number of attempts to access the site from unknown web destinations have arrived through unauthorised links shared via social media sites.

Ticket Zone has commissioned forensic specialists to assist their own technical teams with the on-going investigations.

All investigations point towards a MITM “man in the middle” attack intercepting internet traffic prior to landing on the queuing site.

An attack like this would allow a fraudulent third party to record key strokes as they are being made on the customer’s own browser.

When this occurs, neither the customer or Ticket Zone is aware that fraudulent data capture is taking place behind the scenes.

The crime has been reported to the Police via Active Fraud UK and they are now investigating this on Ticket Zone’s behalf.

Supporters of Bradford City buying tickets through Ticket Zone for the League Two play-off final may also have been hit by fraud, according to local reports in Yorkshire. The pattern of fraud seems to be much the same as in the Brentford case, with one Bradford fan getting hit with a £900 fraudulent PayPal charge and another getting stung for £50 in scam mobile phone top-up charges. The fraud involving Bradford City fans have also become the subject of a police investigation, the Bradford Telegraph & Argus reports.

Bradford City FC, which gained promotion to League One in a League Two play off final at Wembley last Saturday, is yet to comment on the matter.

Ticket Zone is yet to respond to our request to comment on the matter. We'll update this story as and when we hear more. ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Know what Ferguson city needs right now? It's not Anonymous doxing random people
U-turn on vow to identify killer cop after fingering wrong bloke
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.