Exploring Ticketing Scams: A Conversation with Steve Tcherchian, CISO

Just like those fake fraudulent transaction emails we get for our credit cards, this scam is so effective because it feels real. People are used to receiving emails for ticket transfers, and the sense of urgency—claim your tickets before they’re gone—throws any sense of caution out the window. The scam preys on both excitement and fear. ALWAYS double-check the sender’s email address and only access ticket transfers by typing the official website of the ticket platform in the browser yourself. Never click links from unsolicited emails.
With no shortage of headlines implicating Ticketmaster in fan frustrations and scam exposures, this interview delves into the broader security landscape of online ticketing platforms. Tcherchian emphasizes the need for stronger consumer awareness and better platform accountability to safeguard against these risks. The conversation offers timely insights into how both companies and individuals can combat the challenges posed by cybercriminals in the ticketing space.
The discussion comes at a time when Ticketmaster finds itself at the center of multiple controversies. From the uproar last year over The Cure frontman Robert Smith condemning dynamic pricing and excessive ticket fees, to the alarming Toronto-based Taylor Swift ticket scam, consumers have grown increasingly wary of the risks associated with purchasing event tickets online. The CBC recently reported on a scam where Toronto fans were swindled out of thousands of dollars, highlighting the sophistication of fraudsters targeting major events.
You mentioned that scammers often focus on high-profile events like Taylor Swift concerts. What factors make these events particularly vulnerable to fraud?
The catch? When you click the link, it takes you to a fake website where you’re asked to log in or provide payment information to “claim” the tickets. Once you do, the scammers either steal your credentials to Ticketmaster, drain your account, or charge you for tickets that don’t exist.
It’s the demand combined with the limited supply. When tickets sell out in minutes—or even during presales—it creates a sense of urgency and FOMO that scammers are quick to exploit. In this case, fans are willing to take greater risks such as buying tickets from sketchy websites just to not miss out. Look at the latest Taylor Swift tour. Her events dominated all forms of media, especially social. Fraudsters were easily able to embed themselves in these fan communities and build trust. Her fans are so emotionally connected to the event that they want to believe everything they see online. Scammers know that people will go to great lengths, emotionally and financially, to attend. High emotion, high demand, high visibility – it’s the perfect storm.
This works by playing on people’s expectations and trust in digital ticketing systems.
Falling victim to a ticket scam can be devastating financially and emotionally. Financially, it’s often a double hit. The fan will lose the money paid to the scammer and they still don’t have tickets to the event, causing them to shell out even more money to buy legitimate tickets – if they’re even available. If banking or credit card info was stolen, victims may see a bunch of unauthorized transactions, adding to the financial nightmare.
With advancements in technology, are scammers leveraging tools like AI or automation to make their tactics more sophisticated?
In the wake of rising ticketing scams, Steve Tcherchian, Chief Information Security Officer of Simi Valley-based cybersecurity firm XYPRO.com, sheds light on consumer vulnerabilities in an exclusive interview with CloudTweaks.
These platforms must require more robust verification for sellers, like identity checks or proof of ticket purchase, to prevent fraudulent listings. Real-time validation of ticket barcodes could also stop fake or duplicate tickets from being listed. The technology for fraud detection exists. Invest in AI to identify these types of suspicious activity. Strong buyer protections need to be prioritized. Guarantees are mostly useless because they come into play after the damage is already done and the buyer has been scammed. Customer service needs to come back. Making 20 phone calls, sending emails to an email account no one checks and waiting 3-5 days for someone to respond with a resolution is completely unacceptable.
This isn’t complicated and yet we make it easy for this to keep occurring.
Companies like XYPRO play a crucial role in safeguarding online activities by providing robust cybersecurity solutions that protect consumers and organizations. By enabling advanced threat detection, real-time monitoring, and secure authentication technologies, XYPRO can help platforms and digital ecosystems identify and shut down fraudulent activities before they reach consumers. Additionally, we do a lot of work with fostering public awareness through educational campaigns on digital security. These are key to a safe digital experience in an increasingly connected world.
Although the giant ticket platforms in the events industry are nowhere near where they should be in terms of fraud prevention and cybersecurity, I would still strongly encourage ticket buyers to stick with them. Always purchase tickets from official sources and websites. Avoid deals that seem too good to be true or sellers that seem to be rushing you to complete a transaction. Turn on MFA for EVERYTHING. RIGHT NOW. For all your emails, services, websites. Anywhere and everywhere. Do not use the same password from site to site and always use long passphrases. DO NOT click on links in your email. Always go to the platform’s website yourself and make sure the URL is always preceded with an HTTPS – the S is important.
For legitimate ticket buyers who fall victim to these scams, what are the immediate consequences, both financially and emotionally?
Social media like Twitter, TikTok, Facebook and others have become a hotspot for ticket fraud. Scammers creating fake profiles or hijacking existing ones to advertise nonexistent tickets is common nowadays.
Automated bots are also used now to purchase large quantities of tickets the minute they go on sale, which creates short supply and huge demand. Those tickets are then resold at inflated prices.
Dynamic pricing is also creating opportunities for new types of scams where scammers create fake listings that appear as “deals” compared to fluctuating official prices, preying on a buyer’s sense of urgency to push them into buying counterfeit tickets.
Finally, what actionable advice would you give to concertgoers to protect themselves from falling victim to these scams, and how can companies like XYPRO play a role in safeguarding their online activities?
The issue is how these platforms prioritize scale and accessibility over proper cybersecurity measures. Many allow sellers to list tickets with minimal checks, which creates an environment where fraudulent or duplicate tickets can slip through the cracks. While some platforms claim to offer guarantees, like refunds or buyer protection, those safeguards often come into play only after someone has been scammed, which doesn’t prevent the fraud in the first place. Plus, good luck getting a hold of a customer service representative who can help you. Automation has done away with most of the personal care companies used to provide their customers. You just cannot count on the ticket platforms to protect your best interest. Buyers need to approach resale sites with caution and always prioritize platforms with strong guarantees, transparent policies, and good customer service.
How have you seen these scams evolve over time? Are there any new techniques or trends that consumers should be particularly aware of?
Absolutely! Scammers use AI and automation to make their tactics easier to deploy, more sophisticated and harder to detect. They use AI to create targeted phishing email campaigns, craft convincing fake websites with AI-powered chatbots, and even generate deepfake videos or voice clones to impersonate trusted brands or individuals. Automated bots dominate ticket queues, snatching up tickets in milliseconds for resale or scams. These advancements allow scammers to operate at scale with alarming precision.

  1. Use strong passwords – don’t use common or easily guessable passwords. Ideally something at least 12 characters long with a mix of letters, numbers, and symbols. Use a favorite phrase, quote from a book, song lyrics. The longer the better.
  2. Don’t reuse the same password from site to site. Use Unique Passwords – Avoid reusing passwords across multiple accounts. Use a password manager that can make this easy by generating secure passwords and properly storing them for you.
  3. Use MFA – Turn on MFA for all your accounts, especially email and payment platforms. This adds an additional layer that requires a second step—like a code sent to your phone—before anyone can log in, even if they have your username and password.
  4. Don’t click on links – be cautious of any email sent to you trying to get you to quickly act or provide personal information. Hover over links in emails to check their legitimacy.

You’ve pointed out that many consumers don’t practice good cybersecurity habits, such as using strong, unique passwords. What simple changes can people make to better protect themselves?
How do ticket reseller platforms play into these scams, and are they doing enough to prevent fraudulent listings from appearing on their sites?
Scams targeting concert tickets have exploded because they exploit three key vulnerabilities – our emotional connection to experiences/performers, the increasing reliance on digital platforms and we make it TOO EASY! People aren’t just buying tickets—they’re buying memories, the chance to see their favorite artist live, or spend time with loved ones, which makes them more likely to act impulsively. At the same time, the shift to digital ticketing has made it easier for bad actors to create convincing scams. Fake ticket websites, fraudulent QR codes, and even compromised resale platforms make it difficult for the average person to figure out what’s real from what’s fake. Add to that the scarcity of tickets, high demand for events, and the lack of proper security awareness from consumers and you’ve got a perfect storm for scams to thrive.
Any platform or seller that requests payment in cryptocurrency is one to walk immediately away from.
Emotionally, the impact is not any less. There’s the heartbreak of missing out on an event they were excited about. It’s not just the lost money—it’s the lost experience. Many victims also feel embarrassed or angry for being deceived, which can erode trust in online platforms. The scammers know this, and they capitalize on a victim’s hesitation to report the fraud out of shame.
Ticket platforms like Ticketmaster and proper security practices just don’t go together. On one hand, ticket platforms provide a legitimate marketplace for people to buy and sell tickets, which is incredibly convenient. On the other hand, they’ve become a breeding ground for fraud because scammers can easily exploit the lack of rigorous verification and proper cybersecurity in some of these platforms.
When tickets are stolen and resold, you mentioned that platforms like Ticketmaster can sometimes help, but not always. What more could platforms do to assist victims and prevent scams from happening in the first place?
Scammers will send an email that looks like it’s from Ticketmaster. It claims that someone has initiated a transfer of tickets to an event you’re interested in or plan to attend. The email includes realistic logos, links, and language to make it look authentic.
One common scam you highlighted involves fraudulent emails claiming a ticket transfer has been initiated. Can you break down how this scam works and why it is so effective?
By Randy Ferguson
Steve, thank you for joining us. Let’s start with the big picture—why have scams targeting concert tickets become such a persistent and growing issue?
