Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Scam warning! www.offthewalltickets.com

  • 30-01-2008 10:55am
    #1
    Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭


    My wife just sent me this telling me they sell 6 nations tickets.
    Well apart from the fact its an obvious ticket tout website... I just pretended to go through the procedure of buying tickets.. When i click on proceed to their "secure" server.. the page is not secure, so sends your credit card info in clear text!
    This has to be a scam so a warning to anyone looking for tickets to events.

    This is probably the wrong forum, but i figure it will get a lot mroe views here and can be moved by a mod if they can find a better home.. consumer issues maybe..


«1

Comments

  • Registered Users, Registered Users 2 Posts: 14,761 ✭✭✭✭Winters


    Utter scam site.

    Sure, even still maybe Ill have Rugby tickes on there way to me, my credit card 0000000000000000 seemd to work \o/


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Saruman wrote: »
    My wife just sent me this telling me they sell 6 nations tickets.
    Well apart from the fact its an obvious ticket tout website... I just pretended to go through the procedure of buying tickets.. When i click on proceed to their "secure" server.. the page is not secure, so sends your credit card info in clear text!
    This has to be a scam so a warning to anyone looking for tickets to events.

    This is probably the wrong forum, but i figure it will get a lot mroe views here and can be moved by a mod if they can find a better home.. consumer issues maybe..
    Aye, good find, it's almost a passable looking site apart from that. Confirmed non-secure though, do NOT post CC details.


  • Closed Accounts Posts: 54 ✭✭BillyoftheBeast


    Just rang the number on the site. Got some turkish sounding guy who just said hello. Asked him about the site and he said which website are you on about? Scam city.


  • Registered Users, Registered Users 2 Posts: 23,157 ✭✭✭✭Alanstrainor


    I can see people falling for that one as well, It's not that badly done when compared to most of those kind of sites. I just put in an order for some tickets...well i say order....more like i told then to go and **** themselves, and entered 000000000000 as my credit card number. It worked fine so hopefully i'll be receiving some 6 nations ticket to my address at 123 fake street in the Bahamas


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Oh and eh,,,
    Domain Whois Results:


    Registrant:
    Offthewall Tickets
    85 The Drive
    Thornton Heath
    London, England CR7 8LB
    GB

    Domain name: OFFTHEWALLTICKETS.COM

    Administrative Contact:
    Lupton, John lupton1963@hotmail.co.uk
    85 The Drive
    Thornton Heath
    London, England CR7 8LB
    GB
    +44.7906539076
    Technical Contact:
    Lupton, John lupton1963@hotmail.co.uk
    85 The Drive
    Thornton Heath
    London, England CR7 8LB
    GB
    +44.7906539076


    Registration Service Provider:
    Domainmonster.com, support@domainmonster.com
    +44 0845 366 2467
    +44 1483 304031 (fax)
    http://www.domainmonster.com



    Registrar of Record: TUCOWS, INC.
    Record last updated on 26-Sep-2007.
    Record expires on 19-Sep-2008.
    Record created on 19-Sep-2007.

    Registrar Domain Name Help Center:
    http://domainhelp.tucows.com

    Domain servers in listed order:
    NS59.1AND1.CO.UK
    NS60.1AND1.CO.UK


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 938 ✭✭✭blah


    Here's some info about the site's registration.


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Im emailing his domain host to inform them.


  • Registered Users, Registered Users 2 Posts: 17,727 ✭✭✭✭Sherifu


    Another successful boards bust. Fair play Saruman.


  • Closed Accounts Posts: 145 ✭✭martin84


    I could see a lot of people falling for that one. For a scam site its prity well designed!


  • Registered Users, Registered Users 2 Posts: 938 ✭✭✭blah


    Yeah well done. A SWAT van is on its way to that address right now.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 35,524 ✭✭✭✭Gordon


    Anyone else get the "any enquiries please email" showing sales@offthewall when it actually links to [email]sales[at]world-cup-2006-ticket.com[/email]; that site doesn't exist apparently.


  • Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    Seems to be a sub site to mayfairglobalevents.com
    At least they own the https certificate
    http://whois.domaintools.com/mayfairglobalevents.com


  • Registered Users, Registered Users 2 Posts: 32,594 ✭✭✭✭~Rebel~




  • Registered Users, Registered Users 2 Posts: 26,061 ✭✭✭✭Terry


    Saruman wrote: »
    My wife just sent me this telling me they sell 6 nations tickets.
    Well apart from the fact its an obvious ticket tout website... I just pretended to go through the procedure of buying tickets.. When i click on proceed to their "secure" server.. the page is not secure, so sends your credit card info in clear text!
    This has to be a scam so a warning to anyone looking for tickets to events.

    This is probably the wrong forum, but i figure it will get a lot mroe views here and can be moved by a mod if they can find a better home.. consumer issues maybe..
    It's ok here.
    I don't see a problem with you posting it in consumer issues as well.
    The more people who know, the better.


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    QUICK! someone go **** on his doorstep!!!


  • Registered Users, Registered Users 2 Posts: 482 ✭✭Innervision


    There was a guy outside Vicar Street when I went to see Tommy Tiernan trying to get in with a print-off from this site saying he'd bought 8 tickets, felt sorry for him when they told him to feck off!


  • Registered Users, Registered Users 2 Posts: 19,976 ✭✭✭✭humanji


    This looks like a case for Anonymous!!!


  • Registered Users, Registered Users 2 Posts: 5,978 ✭✭✭GhostInTheRuins


    Nice find Saruman. I can see some people being taken in by that.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Apparently... my wife got the link from a sponsor ad on online.ie
    I can not find it.. If i do i will copy the URL and send it to them.


    *edit
    Just found it under sport, its actually a google ad


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    blah wrote: »
    Well it could be a false name and address.

    Possible of course... Well if someone has the time and wants a laugh.. and has access to a phone... why not call the number and ask to speak to John Lupton and get him to confirm his address... Then tell him he got OWNED :D


  • Closed Accounts Posts: 426 ✭✭roughan


    It could be Ok they might not have an SSL cert installed on their webserver
    sure u can do a chargeback on your CC if its a scam
    and i doubt they would be stupid enough to link to other sites and register the domain name to an address if it was not legit


  • Registered Users, Registered Users 2 Posts: 26,061 ✭✭✭✭Terry


    e-mail the link to this page.


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    roughan wrote: »
    It could be Ok they might not have an SSL cert installed on their webserver
    sure u can do a chargeback on your CC if its a scam
    and i doubt they would be stupid enough to link to other sites and register the domain name to an address if it was not legit


    Its not the fact you might get done for the money and no tickets... its the fact they have your credit card details, not to mention your name, address etc for identity theft.

    Even if its an honest mistake... it is still wide open for anyone sniffing around the site to get your unencrypted credit card details. Remember.. its NOT linking to a VISA server since it accepts any number you pur in!!


  • Closed Accounts Posts: 145 ✭✭martin84


    I rang them there and told them about this thread. Their "IT Guy" called me a gob****e because I said the site probaly is a scam and completely insecure.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    martin84 wrote: »
    I rang them there and told them about this thread. Their "IT Guy" called me a gob****e because I said the site probaly is a scam and completely insecure.
    Lol, had he anything else to say? :D


  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    http://www.johnlupton.co.uk/ dont think its him tho... ;)


  • Closed Accounts Posts: 426 ✭✭roughan


    Saruman wrote: »
    Its not the fact you might get done for the money and no tickets... its the fact they have your credit card details, not to mention your name, address etc for identity theft.

    Even if its an honest mistake... it is still wide open for anyone sniffing around the site to get your unencrypted credit card details. Remember.. its NOT linking to a VISA server since it accepts any number you pur in!!

    Sure thats just the code of the webpage
    the developer never put in a Luhn Digit check
    It does not have to link to a VISA server i have done this in work 100s of times for all we know it might just be storing the CC in a Database and someone imputs them on a credit card machine manually!
    it needs to have an SSL cert though


  • Advertisement
  • Closed Accounts Posts: 426 ✭✭roughan


    if it was a scam site i doubt they would answer the phone
    IMO its prob just a website done on the cheap
    and SSL cert is only about 300 p/a


  • Closed Accounts Posts: 145 ✭✭martin84


    Well I asked him, How is it a secure site?
    And he said because it says 128bit secure encryption on the bottom of the page.

    Well that puts my mind at rest :)


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    SSL certs aren't the end all and be all. All it means is that the traffic between the webserver and the user is encrypted, so someone sniffing the traffic can't get your details. I'd say the chances of this are very low. The obvious problem is that these guys have your credit card details, and it doesn't matter a shìte how secure the traffic was between you and them.


  • Registered Users, Registered Users 2 Posts: 1,196 ✭✭✭pyramuid man


    The problem with the checkout page is not only is it not secure, aka not a https:// but also the fact that it is written in basic html. I am sorry but I would not even consider putting any details there as it is just not legit looking.


  • Closed Accounts Posts: 426 ✭✭roughan


    eoin_s wrote: »
    SSL certs aren't the end all and be all. All it means is that the traffic between the webserver and the user is encrypted, so someone sniffing the traffic can't get your details. I'd say the chances of this are very low. The obvious problem is that these guys have your credit card details, and it doesn't matter a shìte how secure the traffic was between you and them.

    sure they have to get ur CC details ???


  • Closed Accounts Posts: 426 ✭✭roughan


    The problem with the checkout page is not only is it not secure, aka not a https:// but also the fact that it is written in basic html. I am sorry but I would not even consider putting any details there as it is just not legit looking.

    Its written in PHP


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,705 ✭✭✭ciaran76


    I looked at the home page and they are offereing tickets to everything. This place should be closed down quickly.


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    roughan wrote: »
    sure they have to get ur CC details ???

    If they do the processing themselves, yes. My point is that some people seem to think that SSL is a good indication of a trustworthy site, when it just means that it will prevent the unlikely event of someone intercepting and deciphering the traffic between the browser and the server.

    Obviously it looks horribly unprofessional when there isn't a cert.


  • Closed Accounts Posts: 426 ✭✭roughan


    eoin_s wrote: »
    If they do the processing themselves, yes. My point is that some people seem to think that SSL is a good indication of trustworthy site, when it just means that it will prevent the unlikely event of someone intercepting and deciphering the traffic between the browser and the server.

    Obviously it looks horribly unprofessional when there isn't a cert.

    Agreed


  • Closed Accounts Posts: 145 ✭✭martin84


    Apparently this guy created the site

    tariqaminyousafzai@yahoo.com


    View the guestbook on this guys site
    www.raheelhussain.com :)



    Edit: I havnent checked all the sites he did but so far they are also insecure.
    Edit2: www.ticket2bthere.com seems to redirect to a secure site


  • Closed Accounts Posts: 182 ✭✭andyl222


    what football stadium is that near his house? You could find out the stadium/team and then go onto one of their fan forum, explain the scam etc and have the links to googlemaps...that'd learn him, any football hooligan he may have ripped off coming knocking on his door.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 11,566 ✭✭✭✭fullstop


    andyl222 wrote: »
    what football stadium is that near his house? You could find out the stadium/team and then go onto one of their fan forum, explain the scam etc and have the links to googlemaps...that'd learn him, any football hooligan he may have ripped off coming knocking on his door.

    I'd imagine that's selhurst park, home of crystal palace, as there's a selhurst road just behind it


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    fullstop wrote: »
    I'd imagine that's selhurst park, home of crystal palace, as there's a selhurst road just behind it
    Nm so, palace fans can't use the interwehb.


  • Closed Accounts Posts: 4,048 ✭✭✭SimpleSam06


    eoin_s wrote: »
    SSL certs aren't the end all and be all. All it means is that the traffic between the webserver and the user is encrypted, so someone sniffing the traffic can't get your details. I'd say the chances of this are very low. The obvious problem is that these guys have your credit card details, and it doesn't matter a shìte how secure the traffic was between you and them.
    Bingo, SSL certs only help stop man in the middle attacks, which are surprisingly hard to do. It could very well be a case of gross incompetence on their part. In any case, feel free to contact the Director for Consumer Affairs.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    SSL cert or not, I was under the impression that the only way one could operate online cc transactions was by transmitting the data directly to a third party to process the transaction in real time. In other words, if they were running it securely they would be taking your input on their website, but sending it away to a secure transaction, not storing it in a database!

    This has to be illegal, because regardless of whether or not they are actually putting through the transaction manually with the details you supply, they are also collecting the information you supply i.e. credit card details!


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    Mirror wrote: »
    SSL cert or not, I was under the impression that the only way one could operate online cc transactions was by transmitting the data directly to a third party to process the transaction in real time. In other words, if they were running it securely they would be taking your input on their website, but sending it away to a secure transaction, not storing it in a database!

    There are a number of ways of processing payments. You can have a 3rd party do the whole thing (e.g. 2checkout, PayPal), or you can store the credit card details and have them processed. I imagine it's also possible to process the transaction by manually entering the details into a terminal.


  • Registered Users, Registered Users 2 Posts: 32,594 ✭✭✭✭~Rebel~


    Mirror wrote: »
    SSL cert or not, I was under the impression that the only way one could operate online cc transactions was by transmitting the data directly to a third party to process the transaction in real time. In other words, if they were running it securely they would be taking your input on their website, but sending it away to a secure transaction, not storing it in a database!

    Agreed. In a normal transaction, its always a case of putting in your details which are then immediately checked by the bank in question and processed before the order is complete, at least from personal experience anyway.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Aye, but surely to store them encrypted? Say someone hacks the database to that site, which probably wouldn't be too difficult looking at the build briefly, I'm willing to bet some sql injection would see the end of it's days. Then someone unknown to all has obtained a mass of credit card details!

    I would have presumed than if you plan to work with cc details , it's your responsibility to do it right, and that collecting unsecured details is illegal.


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    ~Rebel~ wrote: »
    Agreed. In a normal transaction, its always a case of putting in your details which are then immediately checked by the bank in question and processed before the order is complete, at least from personal experience anyway.

    Unless the payment page is hosted on the payment processing site, the CC details are available to the site making the sale, as they have to read these values and put them in another request to the payment processor.


  • Closed Accounts Posts: 658 ✭✭✭Crazy Christ


    People shouldn't worry about this. It might look a little cheap, but it's really okay. I just ordered 10 tickets for Bruce Springsteen and the E-Street Band and I even got a bonus of 17, 800,000 Ugandan Dollars thrown in at the end!


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    People shouldn't worry about this. It might look a little cheap, but it's really okay. I just ordered 10 tickets for Bruce Springsteen and the E-Street Band and I even got a bonus of 17, 800,000 Ugandan Dollars thrown in at the end!
    See now I understand this is a joke with regards to the safety etc. but did you really get an email to that effect?? I put in a dud email addy so wouldn't know... if so, I see some scam baiting coming on! :D


  • Advertisement
This discussion has been closed.
Advertisement