At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Attackers Abuse Eventbrite to Send Phishing Emails

    Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.

    “Perception Point researchers observed phishing emails delivered via ‘noreply@events.eventbrite[.]com,’” the researchers write.

    “Despite being presented as legitimate events created on the Eventbrite platform, attackers use these messages to impersonate known brands like NLB, DHL, EnergyAustralia, and Qatar Post.

    Each email urges the recipient to take action: reset your PIN code; verify your delivery address; pay for an outstanding bill; pay for a package. These time-bound requests employ a social engineering tactic threat actors use to prompt the target to act fast.”

    The attackers set up events in Eventbrite, and then send invitations with embedded phishing links. The emails are more likely to bypass security filters since they’re sent from a legitimate service.

    “Once the target clicks on the phishing link, they are redirected to a phishing page,” Perception Point says. “We found examples spoofing Qantas airline, Brobizz toll collection, web hosting platform One(.)com, European financial institution NLB, and many more. Designed to look like legitimate websites, targets are asked for personal information, like their login credentials, tax identification numbers, phone numbers, credit card details, and more.”

    The attacker can fully customize the appearance of the email to make it look like a convincing notification from the spoofed brand.

    “Once the attacker creates an event, they can then create emails from within the Eventbrite platform to be sent to attendees,” the researchers write. “These emails can include text, images, and links, all of which are prime opportunities for attackers to smatter in malicious content. “The attacker then enters their list of targets (or ‘attendees’) and sends them the invite email. Once sent, the target receives an email from ‘noreply@events.eventbrite[.]com,’ containing all of the malicious details the attacker included.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Perception Point has the story.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top