Since March, various artists have been offering free online performances – helping entertain millions of people stuck at home, or otherwise subjected to entertainment limitations, due to the COVID-19 pandemic.
Sadly, however, criminals have taken note of the success of such virtual concerts, and are now exploiting people’s love of such events to inflict all sorts of harm to already uneasy folks.
Over the past week or so, for example, cybercrooks have posted onto social media multiple bogus announcements of free concerts – announcements that typically include messages intended to help the posts reach as wide an audience as possible. (E.g., “Free Concert – Sign Up and Let Your Friends Know Too.”) There is, however, no concert planned – and the sign up pages are designed to inflict one or more types of harm.
The bogus concert-attendance registration pages are clearly designed to collect data – including by requiring people signing up to provide their cellphone numbers. Criminals may be harvesting such information as part of efforts to commit identity theft, or, perhaps, to be used as part of text-based phishing scams, scams involving forged messages asking friends for immediate financial help, or the like. The crooks may even plan to use the information that they gather to steal control over people’s cellphone numbers, perhaps as part of attempts to intercept one-time passwords texted to people’s phones.
In addition to their data collection capabilities, some bogus concert sign-up pages may also attempt to install malware onto devices used to access them.
How can you best protect yourself?
Before signing up for any free event, check the website and social media accounts of the relevant performer/s and any promoters – if the folks allegedly putting on the event do not mention it, beware. Also, keep in mind that hackers sometimes successfully breach the social media accounts or websites of celebrities – the more “trusted” sources that corroborate the existence of an event – for example, if an event is mentioned on a performer’s website and Twitter feed, or on a performer’s Facebook and Twitter feeds, vs. only in a single Twitter feed – the better.