A group of cyber security experts have studied Taylor Swift's Eras Tour in an effort to better understand how cyber attackers operate.
Dr Andrew Reeves, Deputy Director at the UNSW Institute for Cyber Security, teamed up with IFCyber Director Professor Debi Ashenden and two researchers at the University of Adelaide - Nadia Scott and Agata McCormac - to present a paper at Swiftposium , an academic conference on Taylor Swift.
The conference explored Swift's influence across the intersection of music, economics, business, media studies, health, and societal and cultural impact.
Held in Melbourne while Swift was in Australia last year, Dr Reeves said scams were prevalent during the Eras tour.
"It's one of the things that we were constantly hearing about during the Eras Tour. When dates were announced, reports of scams around ticket sales, around hotel bookings, around flights ... all went through the roof," Dr Reeves said.
"And it makes sense. We made the argument that any event that is a large economic driver, any big event, any big concert, is probably going to be a lightning rod for scammers.
"They're aware that there's a lot of money flowing into that city... so they think, let's take advantage of that."
After presenting their research at the conference, Dr Reeves and his team have contributed to a new book, Taylor Swift: Culture, Capital, and Critique, a collection of expert commentary on all things Taylor Swift.
It features chapters ranging from Swift's inspiration for drag persona Taylor Sheesh in the Philippines, to whether Swift's lyrics suggest she endorses the use of public transport.
"The book we're launching is important for two reasons: one, it's an opportunity for academics from a wide variety of disciplines to use a creative prompt to break through institutional silos, and the second thing is it isn't a fan project. It is really about critiquing and finding a new angle on a culturally relevant phenomenon," Dr Reeves said.
An organisational psychologist, Dr Reeves said a key part of their research was in considering the human factors around big events, making people more susceptible to scams.
"If people are under pressure and have a fear of missing out, they're not thinking clearly.
"So if you get an email that says, 'hey, there's last-minute tickets' or conversely, 'there's a problem with your tickets, please click here to resolve the problem', you're much more likely to actually follow through. You're terrified you're going to miss out on this once in a lifetime event."
It was estimated that during the United Kingdom leg of the Eras Tour there were more than 3,000 victims of cyber scams - resulting in over £1 million in losses. In Singapore, losses exceeded SGD$538,000 .
Australians lost more than $260,000 in one week in February alone, Victoria Police said.
Dr Reeves and his colleagues analysed the FBI's publicly accessible Internet Crime Complaint Center (IC3) Database for signs that the Eras Tour affected cybercrime rates.
They focused on the US leg of the tour, as enough time had passed for accurate statistics to surface. They accessed the FBI IC3 database for all 50 mainland US states for the years 2021, 2022 and 2023.
They then calculated per capita attack counts and loss metrics using state population estimates from the US Census Bureau.
"We were able to select just the attacks that were relevant," Dr Reeves said.
"We weren't looking at ransomware, for example. We were looking only at vectors like online fraud, selling fake tickets and the like.
"If our expectation was correct, we would expect that before the tour arrived in a city, there'd be a certain number of cyber attacks.
"Then, while she was there or the couple of months around when she was there, there'd be a spike. A noticeable increase in attack frequency. Then after she left, we expected the rate to drop back down to its previous level.
"Essentially what we found is that if you look at that FBI database, in most of these US cities, with the exception of a couple, there wasn't that spike and drop. This was unexpected. But, there was evidence that attackers were taking notice of the tour. There were a few different explanations."
First, scammers do take note of what is happening. They're not hooded figures in the basement anymore - rather, it's a detailed business model with several people working in different groups.
Dr Reeves said scammers would then adjust what is sent out to be more specific to major events, such as the Eras Tour. The frequency didn't necessarily increase, but they were more refined.
"They have a certain way of doing things. When an event rolls through, they update - but it's not that they suddenly become more active."
The team identified a common attack method where scammers would start with a relatively general way of collecting credentials of an individual, who wouldn't be the target of the scam. The scammers would then target that person's friends, reaching out with messages focused on spare tickets.
Pretending to be the person they have hacked, they'd ask for reimbursement of tickets into a new account or via Venmo.
More worryingly, scammers could also target victims through a request to be paid through a specific app. The app asks people to log on with their bank details, and if successful, it wouldn't just be the cost of Taylor Swift tickets taken from the account. It would be drained of every cent.
Dr Reeves said media focus would also switch from the scammers to Taylor herself in the lead up to her shows - contributing to a lack of awareness around big event scams.
"It's just not as interesting that a scam is happening when Taylor's in town," he said.
Dr Reeves and his peers looked at cyber attack media mentions before, during and after Taylor Swift took her Eras Tour to a specific city. They considered several cities Swift visited between March and June, 2023, expecting to see a spike of media mentions when Swift was in town.
While some cities did indeed see a rise in media coverage of attacks - Philadelphia in particular - other cities stayed reasonably consistent.
Dr Reeves points to one explanation in particular.
The problem with that is that all of these scams operated on the vulnerability of people, the fact people weren't aware that these scams were happening [due to lack of media coverage] meant they were vulnerable to falling for the scams.
"If you can't get the news out because it's being completely dogpiled by something else, then it means that they're just going to stay vulnerable.
"The scams don't happen the day she's on stage. The scams happen in the lead up as people are buying tickets, buying flights.
"One of the big key takeaways for us is if you want to counter these kinds of scams, you have to do it the day the event - whatever it is - is announced.
"That's when the mitigations need to start, because that's the date the attack will start. Doing it a week before the actual event, that's way too late."
Dr Andrew Reeves, Nadia Scott, Agata McCormac and Prof Debi Ashenden have authored a chapter in the new book Taylor Swift: Culture, Capital and Critique. You can pre-order the book on the publisher's website . Dr Reeves will be in Melbourne on August 6 for the book launch at Readings Emporium.
