Skip to main content

Woburn, MA – February 20, 2020 –Kaspersky researchers have uncovered a phishing website dedicated to selling fake tickets for the upcoming Burning Man Festival. Official ticket sales launch on February 26; however, since the end of January, the false site has been actively selling tickets for only $225, which is a significant discount compared to the cheapest officially available Burning Man ticket.

Phishing is one of the most popular types of attacks launched by cybercriminals to collect data that can be used to access victims’ financial accounts. Just recently, in Q4 2019, out of the total volume of phishing attacks, 52.61% were attempts to load phishing webpages that sought to steal financial data and accounts at online banks and stores—a 9.42% percent increase from the previous quarter. Popular events like Burning Man, where demand is high and tickets are limited (attendance was capped last year at 80,000), are prime targets.

Visitors to the fraudulent website are given the opportunity to purchase seemingly official festival tickets. As a result, victims are at risk of not only losing several hundred dollars, but also unwittingly giving away personal information like their name, telephone number, and email address, all of which could help cybercriminals launch future attacks.

The homepage is designed as an almost exact replica of the official webpage, but a closer look gives its true identity away: it was registered January 26, 2020 for one year under the name of a private individual rather than a company. In addition, if the victim is from Russia or a CIS country, they are redirected to a local e-currency website where they receive a warning that the payment will be transferred to an individual, rather than any kind of legal entity. Both are highly suspicious considering that Burning Man is a massive project brought together by a large organization based out of the US, where online Russian payment providers are not widely used.

burning-man-1.pngburning-man-2.png

On the left is the official Burning Man website. On the right is a phishing website designed as a near replica.

Users who visit the fraudulent site can purchase a “ticket” for $225. They are then transferred to a “secure” payment page where they can input their card details and complete their purchase. Scammers can then potentially use this personal info and the card details provided to make additional purchases under the card owner’s name or resell the information on the black market to other cybercriminals for various malicious purposes.

“Phishing attacks are popular among cyber criminals for a reason: they’re relatively easy to develop, anyone can fall for one, and they’re hugely profitable,” says Tatiana Sidorina, security expert at Kaspersky. “The Burning Man glossary has a word: Obitainium. It means something useful obtained for free. A ticket that’s significantly cheaper than usual is something that, to a certain degree, could seem like an Obitanium to a trustful person. And that’s what fraudsters are counting on in this particular scam. They hope people will take the bait and spend their money for nothing. For those who are planning to attend Burning Man this year, we advise you to triple check that the ticket site is authentic.”

Read more about this phishing scam on the Kaspersky Daily Blog.

Here’s what you can do to stay safe from phishing scams, according to Kaspersky experts:

  • Do not visit websites unless you are sure they are legitimate and start with ‘https’
  • Once on a website, check that it is authentic; looking for the format of the URL or the spelling of the company name
  • Research official ticket sales announcements and launch dates
  • Subscribe to the Burning Man newsletter, as this is official communication and will deliver the latest news about the event
  • Research ticket prices and understand the real ticket value, to avoid purchasing a cheaper option that seems too good to be true
  • If you receive a link from a friend or a colleague that supposedly takes you to the event page, be sure that they are the ones who actually sent it
  • Use a reliable security solution, such as Kaspersky Security Cloud, to protect your devices from a wide range of threats, including phishing activity

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media contact

Sarah Kitsos
781-503-2615
sarah.kitsos@kaspersky.com

Burners Beware: fake Burning Man tickets now on sale for a few hundred dollars

Kaspersky experts have uncovered a phishing website dedicated to Burning Man that has been actively selling fake tickets since the end of January
Kaspersky Logo