Cybersecurity firm Kaspersky issued a warning this week regarding a surge in fraudulent websites targeting fans of the K-pop group BTS. The sites are surfacing as fans prepare for the band's upcoming concert tour, which includes scheduled stops in Chile, Colombia, Peru, and Brazil this October.
Researchers identified at least 10 fake domains created throughout April. These websites replicate the visual identity and layout of official ticketing platforms to trick users into completing fraudulent transactions.
The anatomy of the scam
Criminals behind these sites shepherd victims through a simulated purchase process. Once a user attempts to finalize the transaction, the platforms often demand digital payments or direct bank transfers to accounts linked to third-party "money mules" at fintech companies.
In some instances, the fake sites discourage credit card payments entirely. If a user attempts to pay by card, the site claims there is high demand and redirects the user to a manual bank transfer. This tactic effectively eliminates the victim's ability to dispute the charge or recover their funds later.
Fabio Assolini, lead security researcher for Kaspersky’s Global Research and Analysis Team in Latin America, noted that the emotional investment of fans makes these schemes particularly effective. "The criminals do not just take advantage of the urgency to secure tickets, but also the possible doubts about the new purchase format, creating pages that are increasingly convincing," Assolini said. He expects more fraudulent domains to appear in the coming days.
To avoid falling victim to these scams, experts advise fans to follow strict security protocols when navigating ticket sales. Users should type the official ticket seller’s address directly into their browser rather than clicking links found in social media posts, emails, or text messages.
Carefully inspect the domain name for subtle variations, which often serve as the primary indicator of a malicious site. Furthermore, fans should be wary of any site requesting direct transfers during the presale phase. In many official ticketing processes, payments are restricted to verified, secure channels after a reservation is held.
Finally, banking customers should enable transaction alerts via SMS or email. Setting up these notifications allows for the immediate identification of unauthorized charges, providing a critical window of time to contact financial institutions if a theft occurs.
