Feeds

Footy lovers hit in Wembley playoff card snatch scam

Man on - in the middle, claims club

5 things you didn’t know about cloud backup

Provider Ticket Zone is continuing a joint investigation with Brentford Football Club after it emerged that card details used to buy tickets for the League One playoff final last weekend were subsequently used for fraudulent purchases.

Yeovil beat Brentford 2-1 to reach The Championship on Sunday, piling on further misery for many Bees' supporters who had been stung by the fraudulent purchases. Fan Derek Abbey first heard of the apparent scam on a Bees' forum before discovering £380 in fraudulent Oyster Card payments had been deducted from his account, the BBC reports.

Reg reader Faisal told us he was also hit.

"It appears that fraudsters were able to access my online banking account and I don’t think it was my PC that was compromised," he said.

These cases were far from isolated, prompting Brentford and Ticket Zone to launch a joint investigation. Initial forensic work points to a “man in the middle” attack rather than a problem on Ticket Zone's systems or something linked to malware on consumers' PCs, the latest statement on the investigation explains.

Brentford Football Club is continuing its investigation to find out why some card details of those using Ticket Zone to purchase tickets for the npower League One Play-Off Final were compromised.

The Club learned last week that some cardholder data from those buying tickets for the match online had been used fraudulently.

An investigation was immediately launched and initial forensic work pointed to a “man in the middle” attack.

An independent investigation of Ticket Zone’s systems and those of the specialist online queuing company, Queue-it, is now underway and the Police Active Fraud Department have been informed about the security incident and are also investigating.

An investigation as serious as this will not, unfortunately, be resolved quickly.

Brentford FC acknowledged a "great deal of inconvenience has been caused to supporters" and promised it "will not rest until the full details of what has happened have been made public". It encouraged fans to report problems to Ticket Zone, the official club online sales ticketing partner.

An earlier statement, issued shortly after complaints began and the investigation was launched last week, states that Ticket Zone does not store customer card data.

Ticket Zone does not store customer card data at any point and all information is stored in a secure token system that is approved and provided by its banking partner.

Further examinations have also been undertaken in conjunction with the Danish IT company, Queue-it, who provided the front-end queuing system ahead of the Ticket Zone site.

Once again, all systems are shown as clean.

However, following an investigation, it has been noted that a small number of attempts to access the site from unknown web destinations have arrived through unauthorised links shared via social media sites.

Ticket Zone has commissioned forensic specialists to assist their own technical teams with the on-going investigations.

All investigations point towards a MITM “man in the middle” attack intercepting internet traffic prior to landing on the queuing site.

An attack like this would allow a fraudulent third party to record key strokes as they are being made on the customer’s own browser.

When this occurs, neither the customer or Ticket Zone is aware that fraudulent data capture is taking place behind the scenes.

The crime has been reported to the Police via Active Fraud UK and they are now investigating this on Ticket Zone’s behalf.

Supporters of Bradford City buying tickets through Ticket Zone for the League Two play-off final may also have been hit by fraud, according to local reports in Yorkshire. The pattern of fraud seems to be much the same as in the Brentford case, with one Bradford fan getting hit with a £900 fraudulent PayPal charge and another getting stung for £50 in scam mobile phone top-up charges. The fraud involving Bradford City fans have also become the subject of a police investigation, the Bradford Telegraph & Argus reports.

Bradford City FC, which gained promotion to League One in a League Two play off final at Wembley last Saturday, is yet to comment on the matter.

Ticket Zone is yet to respond to our request to comment on the matter. We'll update this story as and when we hear more. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.