#43: Festival season scams, Global Signal Exchange growth, Redditor reports Kohl's remote access scam

Festival season brought more than just big crowds and big acts - it brought big scams too. From fake tickets and rentals to AI-powered impersonation and high-trust refund traps, the summer surge in fraud is showing up across platforms, channels, and industries.

Let’s get into it.

NATE'S TAKE - AUGUST 5, 2025

Top Three This Week

1. Summer Festival Season Brought Fake Tickets, Fake Rentals, Real Losses
2. The Global Signal Exchange Is Growing, But Will It Deliver?
3. Kohl’s Scam Uses Real Site, Fake Support, Remote Access App

1. Summer Festival Season Brought Fake Tickets, Fake Rentals, Real Losses

Creator: Shea Flynn

Lollapalooza wrapped up in Chicago this past weekend, and as with nearly every major festival, the fraud showed up in force. Ticket scammers hit online marketplaces hard, posing as resellers with fake barcodes, duplicated QR codes, and professional-looking listings.

The Better Business Bureau issued a warning ahead of the event, noting that fraudsters prey on urgency and emotion, especially during the days leading up to sold-out shows.

If you're protecting a resale platform or marketplace, this is a key pattern to monitor:

• Newly created or low-history seller accounts
• Listings tied to trending events or locations
• Recycled ticket metadata and barcodes
• Last-minute high-pressure sales

The fraud doesn’t stop at tickets. Scammers also target fans with fake vacation rentals and pop-up accommodation listings designed to harvest payments and personal info. If you’re in travel or hospitality, summer is a prime time to tighten controls on listing authenticity and payment fraud.

2. The Global Signal Exchange Is Growing, But Will It Deliver?

Microsoft and Meta just joined the Global Signal Exchange (GSE), a new alliance designed to help banks, platforms, and telcos share scam signals in real time. The exchange already includes 320 million indicators from over 30 providers, including Google, Spamhaus, and Abusix. It’s being pitched as a cross-industry clearing house for threat data, and it needs to be. The global cost of scams now tops $1 trillion annually, with only 0.05% of cybercrime successfully prosecuted.

Signal sharing is the right move, but context is still king. Scammers don’t just send messages; they build end-to-end flows across multiple platforms. Unless shared indicators are paired with behavioral data, device signals, and customer journey analysis, these efforts will remain reactive. It’s progress, but don’t outsource your detection strategy to someone else’s feed.

Also notable: Meta is now testing facial recognition to detect impersonation and scam ads. That’s a big shift, especially given how slow their enforcement has been historically. Watch this space closely. Tools are only as strong as the willingness to use them.

3. Kohl’s Scam Uses Real Site, Fake Support, Remote Access App

Reddit Scam Report

A Redditor tried to cancel a large Kohl’s order by searching online for “Kohl’s customer service.” One of the top results showed a seemingly legitimate phone number—on a real-looking Kohl’s domain. When they called, the “support agent” offered to help process a refund but asked them to install a remote access app, Zoho Assist, to “verify” the transaction. The scammer gained screen access, guided them into device settings, and attempted to view banking activity under the guise of refund validation. When the user finally shut it down, the scammer lashed out and hung up.

This is a masterclass in trust hijacking. The victim initiated contact, found the number themselves, and still got duped. The scammers didn’t need a phishing email. They just needed a manipulated search result or a hijacked webpage (possibly via cloaked redirects or SEO poisoning).

Key signals worth tracking:

• Inbound searches followed by outbound calls to support numbers
• Downloads of known remote access tools (Zoho Assist, AnyDesk, TeamViewer)
• Repeated login attempts or navigation changes following aborted checkout flows

If you’re in eCommerce, this is a good time to tighten your support page SEO hygiene and monitor for fake listings that piggyback off your brand. Even real infrastructure, like browser extensions or overlay apps, can be twisted into fraud tools. This is a sharp reminder that social engineering evolves faster than most fraud controls.

===

That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.

‍