Music and Malicious Behavior - Six Warnings Signs to Look out For
Share this entry
You may have seen our last article on movies and malicious behavior and thought that as long as you weren’t a big movie lover you’d be safe. If you were one of the 6 million and counting people to go to, or that plan to go to, a show on Taylor Swift’s “Eras,” Drake’s “It’s All a Blur,” or Beyoncé’s “Renaissance World Tour,” even if you stayed home and just listened to your favorite artist, there could be a malicious actor waiting for you.
The music industry is not immune to malicious actors. Many will take advantage of a growing attack surface to exploit victims. Other cybersecurity thought leadership might point to human error and make you think it’s me, hi, I’m the problem when it comes to putting yourself at risk, but when malicious online infrastructure of one kind or another is the root of a majority of issues that your organization will come into contact with, you can’t place all the blame on yourself. If you’re reading this, it’s not too late! We’re running through the six warning signs to look out for to ensure malicious actors don’t break your soul:
- Ticket Scams: As hard as it was to get Barbie and Oppenheimer tickets, buying a ticket to one of Taylor Swift’s or Beyoncé’s shows was near-impossible. Threat actors have already used this to launch several fraudulent campaigns targeting fans, and moms of fans, with fake tickets. We’ve observed many domains that are clearly a part of a larger ticket scam campaign such as 2023taylorswiftconcerttickets[.]com, Beyoncé-concert-tickets[.]today, and Beyoncé-tour[.]com. Timely domain discovery, and maybe some topical phishing tests, can protect you from trouble before they walk in.
my work company sent me the cruelest phishing email test pretending to be ticketmaster notifying me that i've been moved off the waitlist for the Taylor Swift Eras Tour 🧍♂️ pic.twitter.com/WUYK1mZrrb
— JuSong (of all trades) (@jusongb) September 6, 2023
- Music Downloads: Want a break from the ads? It may be at your own risk if you don’t pay a premium. Aside from the legal risk that downloading your favorite song from an untrusted site can bring you, those willing to give you your favorite song or album for free might add a malicious file to your device. You wouldn’t download a car, because you can’t, but you may want to think twice about what you can download.
- Spoofs on Streaming: Even if you go through a legitimate route to access your music, malicious actors could create domains posing as music streaming websites, providing misinformation to potential customers and even suppliers. If you do any business with movie theater companies, setting a monitor for Spotify, Apple, and YouTube (three domains of which we see the most spoofs every day) could be beneficial in identifying malicious domains before they’re used against you.
- Fan Clubs: We talked about fan clubs for movies but music artists can be relevant for a much longer time than one movie or even a series. Because of this, the threat of malicious actors launching social engineering attacks to obtain your personal information can be more drawn out and have a much heavier impact. The show Swarm terrified me of the Bey Hive so I’ll be staying away from fan clubs in general.
- Merchandise: If you’ve been to a concert recently, you might think vendors are out of their minds with how much they charge for merchandise of your favorite artist. It might be just enough to want to try and find some merchandise online, but savings on the list price could open you up to significant financial risk in the future. Using our risk score to predict how likely a domain is to be malicious can be a great way to verify before you buy.
- Music Leaks: It may be tempting to get in on a song before it drops, but threat actors can use the promise of new or unreleased music leaks to trick you into downloading malware or giving away personal information. We have seen risky links like musileaks.com, musicleakdownloader[.]com,and taylorswiftsongslist[.]com, surface to take advantage of fans ready to hear the latest addition to their favorite artist’s discography. Predictive risk scoring, with rich infrastructure and DNS context, will let you know which of these domains are threats and equip you with the tools you need to protect yourself from them.
When the next concert comes your way or the next big album drops, stay aware of the online content you see following it. Drake, Taylor Swift, and Beyoncé saw record breaking ticket sales and streams over the past two years, but they aren’t the only ones hoping to make money from the hype surrounding their music. Don’t let threat actors hit a rich flex on you—visit our page to see phishing and fraud protection that will shake off the adversaries.