According to an advisory posted by Graham Cluley on ESET’s We Live Security blog, it all started with a post on Facebook advertising free tickets.
“Rolling Stones 14 On Fire Free Tickets Giveaway. Get a free ticket and see the Rolling Stones live in your country!” the scammy posts read.
The messages contain links pointing to a website called rollingstones2014tickets.com. The website has nothing to do with the band. Instead, the domain has been registered by scammers in hopes that they can trick users into helping them make some money, most likely via affiliate marketing services.
When users access this website, they’re told to share the post in order to continue. By getting internauts to share the message on their own timelines, the scammers make sure that a lot of users end up on the fake ticket giveaway website.
Since users see the posts on the timelines of friends, they might be inclined to think the promotion is legitimate. Once the post is shared, victims are told to also share a “personal link.”
“To get your free ticket for the 14 On Fire world tour 2014 you have to collect at least 10 clicks with your personal link code that was generated for you below,” reads a message on the website.
“Once the system has detected at least 10 clicks through your link code you will get access to the locked area which gives you the possibility to request your free ticket.”
[Image: Fake Rolling Stones website]
In the end, no one gets any free tickets, no matter how many clicks they get. While the website is similar to the official Rolling Stones site, it has nothing to do with the band.
The scammers have simply registered an official-looking domain and stolen some graphic elements from the legitimate Rolling Stones website to trick users into thinking that the giveaway is real.
If you come across websites or Facebook messages that advertise tickets and other prizes on behalf of an entity, don’t trust them unless they’re linked or advertised directly on the official website or a verified social media account.
If you’re already a victim of such a scam, remove the posts you’ve published on your timeline and alert your friends about the scheme.