Think Before You Click: StubHub ‘Doesn’t Have a Sense Yet of How Big’ Its Phishing Email Scam Has Become


While online ticket marketplace StubHub claims it “reinvented the ticket resale market,” it certainly isn’t above becoming victimized by phishing and hacking incidents.

StubHub lets fans buy and sell tickets to tens of thousands of sports, concert, and other live entertainment events, but the company’s unique online marketplace has become the “cover” for a new phishing email scam.  The email looks like a StubHub receipt for a $2,766.95 order for two tickets to a November 12 boxing match in Las Vegas.

In true phishing fashion, the fake email tries to dupe recipients into clicking on the embedded links in an attempt to obtain sensitive information like credit card account numbers and passwords.

StubHub has posted this notice on its website:

“We are aware that some people have received an email regarding order number 47223311, which they did not place. The email is a phishing email, and was NOT sent by StubHub or any affiliate. Your credit cards have not been charged. Please DO NOT click on any link in the email. If you have logged in to your account via one of the links in the email, you should log into your StubHub account immediately to change your StubHub password. If you have not clicked on any of the links contained in the email, you can safely delete it.”

A StubHub spokesman has admitted the company doesn’t “have a sense yet of how big it is,” and has been sending messages out through social media to notify customers. The Better Business Bureau is also working with the StubHub to warn consumers.

If you’re concerned about possibly falling for this scam, try the following security tips immediately:

  • DO NOT: The email asks you to log in to your StubHub account to confirm the order, but do not log in. A computer program may steal your password, giving thieves access to your StubHub account where valid credit card info may be stored.
  • DO: Do change your account password if you have an account at StubHub right away. Go directly to the StubHub site to do that, NOT through the email. Type the URL into your web browser yourself to ensure you are at the legitimate website.

If you or someone you know has fallen for this or any other phishing scam, report it immediately to the Internet Crime Complaint Center, or IC3, which is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Elaine Rigoli

Elaine Rigoli is PRIVATE WiFi's manager of digital content strategy.