How Scalpers Scored Thousands of Fred again.. Tickets
2024-3-13 00:29:53 Author: securityboulevard.com(查看原文) 阅读量:10 收藏

Fred again.., one of electronic music’s hottest artists, secretly arrived in Australia on February 27th. In true Fred again.. fashion, that very same day, he announced a raft of shows in arena-sized venues across Sydney, Melbourne, and the Gold Coast. According to multiple sources, this amounts to over 100,000 tickets for shows in the coming weeks– on weeknights, no less!

As one of the scene’s most hyped acts, he enjoys a rabid fan base that will do outrageous things to get the chance to come to one of his short-notice shows. So it should be no surprise that all 100,000 tickets sold within hours. But how many of these tickets were actually bought by fans?

Kasada and Triple J’s Hack program uncovered a massive scalping operation for in-demand events, including Fred again.. tickets. We now have a clear picture showing how ordinary fans are missing the chance to see their favourite performers. Artists and ticketing platforms alike lose millions each year to unscrupulous actors looking to make a quick buck.

——————————————————————————————-

So there I was, staring at the ticketing platform’s page at 10 a.m. last week, waiting for my chance to buy tickets to one of my favourite artists. Waiting. More waiting. And then the news: all tickets had sold out within minutes of going on sale.

Soon afterward, outrage and disappointment began pouring in from dedicated fans and even Fred again.. himself.

A screenshot of a social media story with text expressing disappointment over an unforeseen event leading to many unsold tickets, alongside gratitude for the supportive messages received.

Fred again.. expresses widespread disappointment from his fans who were unable to buy tickets. Unbeknownst to him, bots were the source of this disappointment.
Source: @fredagainagainagainagainagain on Instagram

Within hours, a clear picture began to form. Ticket resales with significant markups began popping up all over social media and third-party ticketing platforms. To the trained eye, these listings clearly weren’t from real fans who suddenly realised they couldn’t attend the show. These were organised scalpers who had mass-targeted the ticketing platform, using bots to grab as many tickets as possible despite the ticketing platform restricting sales to 4 per person.

Email correspondence regarding the price of GA tickets.

Evidence of resellers quickly offering tickets for up to 400% markup of the $179.99 retail price.

The operation targeting tickets for Fred again.. is no different from many others that we see. At its heart were sophisticated bots, initially targeted at hype drops of limited edition sneakers and now repurposed to purchase thousands of tickets only to resell them at a higher price to actual fans.

How do we know this? KasadaIQ collects data from thousands of non-traditional sources. We use this data to monitor, investigate, and block bot activity for our customers. When it became obvious that there was significant reselling of Fred again.. tickets, the Kasada team dug in to uncover the actors behind it.

Having access to this data enabled us to observe multiple groups consisting of up to 500 resellers conducting an active operation to buy upwards of 18,000 tickets and sell them for profit.

Text excerpt highlighting issues with scalpers exploiting legal loopholes.

Resellers tracking Fred’s flight into Australia and preparing to use bots to purchase events and resell tickets within legal gray area.

Each of these groups used “Solver Services” which are explicitly designed to bypass anti-bot protections, as they believed that “manual cops” (purchasing without a bot) would be impossible.

A screenshot of a message with redacted text, replacing specific service names with the phrase "[name of bot using a solver service]".

Resellers advising each other to use bot-driven Solver Services, as purchasing without a bot is impossible.

Confirming this data, Triple J’s journalists spoke with resellers who admitted to using bots to bypass queues and purchase far more tickets than the allowed amount.

A screenshot of a text conversation where someone is inquiring about purchasing show tickets from scalpers, and the other person expresses their frequent attendance at shows.

Reseller admitting to using bots to sell at least 28 tickets.

We believe the number of tickets identified in our data to be an undercount, as we have evidence to suggest that many of the tickets were “copped” and resold on platforms that we don’t monitor. From our experience in the space, it would not be surprising if 20-35% or more of the 100,000 tickets were purchased using bots.

Text displaying sale information with a focus on bulk discounts for scalpers and prioritizing buyers over 50 years of age.

A Solver Service advertising the ability to purchase large amounts of tickets for a profit, which are then sold on to others for an even greater profit.

Our data also gives us visibility into the resale value of these tickets. The median resale price between resellers is $270, representing a 50% markup on the original $179.99 price.

Median price of $270 for resellers

KasadaIQ data tracking the median reseller price of Fred again.. tickets in Australia.

However, that’s not the full story. Resellers buy from other resellers before listing them on third-party platforms where the end consumer (in this case, real Fred again.. fans) can actually purchase the ticket. On these platforms, we saw ticket prices of between $300 and $450. Triple J spoke with consumers who paid $750 for tickets to some of his shows, over 300% of the original price.

Collage of event listings and photos featuring Fred again.. performing at various venues.

Tickets listed for resale of between $250 and $400 on Facebook Marketplace.

At scale, this generates whopping returns for the resellers who have done nothing but pump up prices for everyday people who just want to see their favourite act. A simple calculation of a $270 resale value on 18,000 tickets means resellers profited $1,620,180. The actual profit here is likely much higher due to the resale value on third-party platforms being higher than $270 and not all tickets being listed on platforms we monitor. Regardless of the exact number, this is no play money.

Screenshot of a messaging app boasting about financial gains with a highlighted monetary sum of $5,349.00 and various reactions to the post.

Resellers made thousands of dollars using bots to “auto-checkout” tickets.

Here at Kasada, none of this is a surprise to us. We’re well versed at protecting “hype drops” of limited edition products for some of the largest retailers and footwear companies in the world. The threat they face is from bots. Using the power of automation and scale, these scripts purchase all available stock of an in-demand item as soon as it is released. The “bot masters” then list it for resale on third-party platforms. Often, they sell to other resellers, who look for even higher profits with end consumers. The real customers never have a chance.

To unlock massive profits, the reseller only has to pay the purchase price plus a few cents to dollars of overhead to run the bots and bypass the bot management solution used by the platform. Many bot management technologies have failed to move with the times, which means it’s open season for botters anywhere these supposedly impenetrable solutions get used.

Image of a text listing various shows or events with the title 'wts fred again tickets' indicating tickets for sale for a performance by fred again in different cities and dates.

A total of 45 tickets offered for resale across show dates in Sydney and Melbourne for a 66% markup of the retail price.

This is an open secret in underground reseller communities. Members of these groups often brag about “copping” large amounts of stock, organise themselves for upcoming drops, and research ways of improving their craft to maximise profit. These communities frequently partner with a wide range of services designed to help them bypass queues, automatically check out thousands of stock – and avoid detection while doing it. They are blatant in their assessment of many popular anti-bot technologies they deem “easy” to bypass.

It’s incredibly unfair, with the scales tipped firmly towards those with the technical know-how to set up sophisticated botting operations versus regular fans who just want to have a night of fun without breaking the bank.

You may be asking yourself: “Is any of this legal?” It’s a legal grey area. In Australia, there are various anti-scalping legislation and laws enforced on a state level. Within the US, there’s the BOTS Act of 2016. In practice, however, it is very difficult and unlikely to enforce such legislation at scale. Given the enormous profits being made by ticket scalpers, it’s largely up to the ticketing platforms, who often have exclusive agreements with venues, to protect music fans from the unethical mass scalping of their favourite artists.

If you’d like to get actionable insights on threats to your company or stop bots on your website, mobile apps, and APIs, get your free Kasada IQ Snapshot or contact our team of experts.

The post How Scalpers Scored Thousands of Fred again.. Tickets appeared first on Kasada.

*** This is a Security Bloggers Network syndicated blog from Kasada authored by Tyrone Dougherty. Read the original post at: https://www.kasada.io/how-scalpers-scored-thousands-of-fred-again-tickets/


文章来源: https://securityboulevard.com/2024/03/how-scalpers-scored-thousands-of-fred-again-tickets/
如有侵权请联系:admin#unsafe.sh