Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

BH Live 'Peter Pan' eTickets Malware Email


Outline

Ticket order confirmation email purporting to be from UK ticket agency BH Live Tickets claims that you can view and print your purchased tickets to Peter Pan by opening an attached file.

BH Live Malware
© Depositphotos.com/ maxkabakov

Brief Analysis

The email is not from BH Live and the attachment does not contain theatre tickets. Instead, the attachment contains malware. If you receive this email, do not open any attachments or click any links that it contains.

Example

Subject: Confirmation of Order Number 5678982
YOUR E-TICKET(S) ARE ATTACHED TO THIS EMAIL, SENT TO [Email Address Removed]. Please print ALL PAGES of the PDF file attached to the email and bring them with you to gain admission to the event.
The attachment requires that you have the Adobe Acrobat Reader installed on your computer. If you do not have Adobe Acrobat Reader installed, please click HERE to download and install this program.
THIS IS NOT YOUR TICKET

YOUR E-TICKET(S) ARE ATTACHED TO THIS EMAIL

BH live Malware

Detailed Analysis

Ticket Order Email Claims to be From BH Live Tickets

This email, which purports to be from UK ticket agency BH Live Tickets, appears to be a confirmation of a recent purchase of theatre tickets for Peter Pan.  The message advises you to open an attached file to view and print out your tickets.

The email includes detailed information about the supposed ticket purchase formatted in a table and features the distinctive BH Live Tickets banner.

Email is Not From BH Live - Attachment Contains Malware

However, the email is not from BH Live Tickets and the attachment does not contain theatre tickets.  Instead, the attached .zip file harbours a .exe file that, if opened, can install malware on your computer.

Once the malware is installed, it may download further malware and connect to remote servers controlled by criminals.

BH Live Tickets has published a warning to customers about the attack and confirmed that they did not send out the emails.

As such emails go, this attempt is quite sophisticated. The email is professionally presented and may seem quite credible at first glance.  Ticket vendors may well send out genuine emails that contain print at home tickets in an attached file.

The scammers hope that at least a few people, panicked into thinking that their credit card has been used to purchase expensive theatre tickets, will open the attachment without due caution.

The examples that I have so far seen all claim to contain tickets to Peter Pan.  However, details, such as the supposed show and ticket prices may vary in later incarnations.

If you receive one of these emails, do not open any attachments or click any links that it contains.




BH Live Malware

© Depositphotos.com/ drical


Last updated: September 8, 2014
First published: September 8, 2014
By Brett M. Christensen
About Hoax-Slayer

References
BH LIve Tickets