You might think you’re pretty good at spotting a scam – I did. Flat-hunting in Facebook groups? It’s obvious which too-good-to-be-true apartments are not legit. Tickets to long-sold-out gigs magically available at face value on X? Sure, Jan. Text messages claiming to be Evri with an unexpected parcel? Seen that before. I thought I was sooo savvy, quietly going “Nope!” as I deleted them and thinking oof, imagine being caught out like that.
And then I got a message from James.
James* is someone I know vaguely and see maybe once a year. He’s my dad’s partner’s son and lives near them in the Midlands. Occasionally, he’ll message me on Facebook Messenger to say “Merry Christmas!” and I’ll say “You too!” – then we won’t speak again for months and months. So it was unusual to get a Facebook message from him, but not outlandish.
James had managed to get some Coldplay tickets for next year but couldn’t make the show any more. Did I know anyone looking for some? It made sense for him to ask me – I live in London, I write about music, I’m often at gigs and, in a world of cynics, I have a soft spot for Coldplay. Plus, I love brokering tickets between friends. It makes me feel really good to help someone get into a show they really want to go to. “Ooh, I think I do know some people who tried and didn’t get any!” I wrote back, already thrilled at the idea of helping out. “Let me ask around.”
I put James in touch with my friend Mike*, whose mum hadn’t managed to get tickets. Over the next few hours, I was vaguely aware that Mike was sending £240 to a “business bank account” and that James’s friend who owned the account had an interesting name with suggestive connotations – “Charley White” – but mostly I ignored the chat and went about my day with the warm, smug glow of someone who’s done a good thing.
I’ll save us all the tedium of two strangers discussing bank details and seat numbers and cut to the chase. The tickets Mike bought didn’t exist. James’s Facebook account had been hacked. The person we’d been talking to was a fraudster posing as someone I knew.
The warm smug glow was replaced with a deep, crimson shame. Looking back, both Mike and I can see the red flags – the scammy language I put down to James not being very savvy. The weird name on the bank account. I had put it all down to James living in a very different world to me. The urgency with which James wanted to get the deal done I assumed was because he needed the money back that he’d shelled out as soon as possible. It seems unbelievably obvious now. The fraudster on the other end of that hacked Facebook account was relying on our emotions getting the better of us: my desire to help, Mike’s desire to get his mum into the same room as Chris Martin. And our endless capacity for trust: Mike trusted me, and I trusted “James”.
It turns out that the plot is a well-honed one, designed to make Mike and I do exactly the things we did. “In terms of how you dealt with the situation, I think there’s probably nothing better that you can do in that scenario,” Jack Whittaker, a criminologist and expert on fraud who specialises in offender-based research, tells me, being perhaps a little generous. This fraud felt so sophisticated to me: it seemed to prey on my exact personality traits; it tricked me by using an account I don’t interact with much so I’d be less likely to notice any strange phrasing. In reality, Whittaker says, the criminals probably messaged a lot of people from James’s account and then honed in on anyone who replied.
The techniques criminals use to carry out fraud online are evolving at a pace that large, slow-moving companies can’t keep up with, and scammers are developing more sophisticated – not to mention emotionally manipulative – ways to part us from our money. These are the nuances an algorithm can pick up. It was uniquely difficult to report the situation to Facebook’s parent company, Meta. You can report an account but there’s no option to say “Hey someone’s hijacked this account and is using it to get money out of people who think they’re talking to their friend” – the company deemed James’s account legit. When I reached out to Meta’s comms team asking to talk to someone about it for this piece, the company promised politely that they were looking into it: but ultimately all I got was broad strokes background information on the company’s partnerships to quell scams.
“We’re actually moving into a new era of crime now, which is platform criminality,” Whittaker tells me. “The platform is the single most enabler of online crime now. What’s fairly horrifying about it is the platforms themselves at this stage are doing very little.” He gives examples of frauds you can literally search for on Facebook, brazen TikToks offering “part-time work” intended to trick people into laundering money. “Platforms benefit from more people using their services, irrespective of who it is. Why bother paying for a well-resourced abuse department when you can have haphazard algorithms? We’ve seen that with X also – they cut their abuse department and now it’s a playground of hate speech.”
Mike and I are not alone – a number of Taylor Swift fans on Reddit reported falling for the exact same fraud that we did during the Eras Tour ticket rush, particularly harsh when many of those tickets were probably intended for kids. In the first half of 2023, Santander reported that “ticket scams” had doubled compared to the previous year. Lloyds Banking Group released data that suggested that football fans who’d been caught out by ticket fraudsters had lost an average of £177 during the 2023-24 season – more than half of the cases started on Facebook. Just this month, Meta entered an information-sharing partnership with banks known as the Fraud Intelligence Reciprocal Exchange (Fire) programme, in an effort to combat the problem: banks, for their part, must now refund victims of fraud within five days up to a certain amount, although some will insist on an excess fee (as Mike’s bank did – he managed to recoup £140).
When you fall victim to fraud online, you should report it to ActionFraud, the UK’s national reporting centre for fraud and cybercrime. I wanted to understand more about what it is doing to investigate frauds that happen in the back alleys of social media, but there was no spokesperson available. Again, I was sent some helpful links that essentially told me what I already knew: I was an idiot for trusting anything sent over social media.
The tickets that Mike bought didn’t exist but that doesn’t mean that the ticketing industry shouldn’t shoulder some of the blame too. The scheme that I fell for is a symptom of a broader ambivalence about regulation in the ticketing market – from the mad scramble for tickets to big shows a year in advance and the exploitative dynamic pricing that both Oasis and Taylor Swift fans have had to contend with, all the way through to the difficulties of reselling tickets if it turns out life has got in the way of you attending. The environment that leads to one-to-one ticket sales between strangers is exacerbated by online touts who scoop up thousands of tickets just to resell them on platforms like Viagogo and StubHub for hugely inflated prices – a practice that is seemingly encouraged by StubHub, which runs a special scheme for top sellers.
The FanFair Alliance has been campaigning for better regulation of the ticketing aftermarket and in March, Keir Starmer added a pledge to cap ticket resale prices to Labour’s manifesto. “What we’re hoping is that by making the ticketing market more transparent and offering better communications, that will make a big difference [to online ticketing fraud],” Adam Webb from the FanFair Alliance says. “We all need to resell a ticket at some point. So you need to make it clear to people where they can do that.”
When the cost of living is unbearably high, gig tickets are a treat – and losing a few hundred pounds can be devastating to a person’s finances. “Most people think fraud is just a financial loss,” Whittaker says heavily. “Actually, what we know very well is you have what’s called secondary victimisation: which is the personal loss to the individual.” In my case, it’s minor – the feeling of having been an idiot and the hot flush of guilt that my friend lost money because of me – but when larger sums or romance scams (in which people are tricked into falling in love with a phantom and then rinsed for cash) are involved, it can be devastating.
So for now, the best I can tell you is this: don’t trust anyone. If a friend offers you tickets over a messaging platform, pick up the phone and call them to check that it’s true. Double-check bank details, double-check ticket T&Cs. If anything feels weird, call it off. Never buy from a stranger unless you’re doing it via a legitimate resale site. I’m still keeping an eye out for legit Coldplay tickets for Mike’s mum (Chris! Call me!) because she’s a victim too – the promise of seeing a much-loved band dangled in front of her and then lost. It’s a relatively minor fraud but its tiny ripple effects keep on rippling. And until the huge companies that have the power to deal with these kinds of crimes actually make some changes, the responsibility, regrettably, lies with you.
*Names have been changed