Scams for tickets purchased from resellers are nothing new and happen all the time at big concerts like this one. For this reason, it is recommended not to buy tickets this way, unless the person offering it is well-informed.
Cloning of a web page, although it is a very common cybercrime, was not uncommon in this type of incident. In this regard, Teleticket’s Deputy Manager Hippy Gonzalez told ATV:
“Actually, we have known this for a long time and we had taken several security measures. To be precise, we don’t know if it’s because of a complaint we had when we went on sale (that the lady who bought the ticket legitimately got scammed). They cloned our website”.
“As surprising as it sounds, a well-known brand like ours can register with a web page registration company. The only thing they do is copy the event’s landing mask as ours, They change the letter or number and the customer doesn’t understand it.He added.
This fraud was done using online payment platforms. The fraudsters accessed the tickets without knowing that they had bought them and collected the money.
Faced with this situation, many people wonder if it is really possible to clone the page of a brand as big as Teleticket. For this reason, we consult with a cyber security specialist.
A copy of the source code
A fake impersonation of a real page is known Web spoofing. the aim The goal is to mimic the original site’s design and even its URL as much as possible. Through this strategy, The Cybercriminals They manage to redirect a victim’s connection to other web pages through a false page with the aim of performing some fraudulent activities to obtain information such as usernames and passwords from the victim’s traffic.
“Web solutions have two basic fronts: front-end and back-end. The first is the part that interacts with users, and the second corresponds to servers and applications that process the information they collect from the front-end of pages or mobile applications.Sergio Asahuanche, Senior Cyber Security Consultant at Marsh Advisory Peru, explains to El Comercio.
“What happens when it comes to cloning a website The fraudster or attacker downloads the original source codes of the front-end, that’s what faces the public. Cybercriminals can gain access to all content of a website, such as menus, forms, and pages within links. The back is not copied because it has not been exposed to the internet”, says the specialist. And adds: “So what the attackers do Change that logic so that users are already redirected to a fraudulent page that processes or collects the data provided., ie username and password, even if there is a second authentication factor like a touch, what they do is save it in plain text in ‘txt’ files, for example. That way The credentials of clients or users are then impersonated as their identity“.
Therefore, if the user accesses the fake website through this method, all the traffic of the visited pages that take place in the infected window is sent through a malicious server, which allows the interception of the information sent. The fake web page acts as a proxy that requests the information the victim needs from each original server and manages to obtain usernames, passwords or any other type of sensitive data.
As for the domain, creating a fake is not very difficult, just misspell a brand name by adding or removing a letter. “Sometimes these fake sites can have very long domains, but buying them is a shortcut“Reduced Domains”, warns Azahuanche. Criminals can easily shorten a domain to ‘teleticket.bif’. Seeing the real name of the brand, people who are not on the lookout can trust and enter.
If a page is cloned, it can appear as a search result in a browser or even as an advertisement on the Internet. There is still no control over these situations. If impersonation occurs, the affected brand must report the fact. Companies have security teams (cybersoaks) that constantly monitor such threats.
Problem solver. Incurable bacon specialist. Falls down a lot. Coffee maven. Communicator.