Hackers Scam BTS Fans with Fake World Tour Ticket Sites

Cybercriminals are exploiting the immense anticipation for BTS’s long-awaited return to the world stage. They’ve established fraudulent ticket websites, preying on unsuspecting fans to steal their money.

The campaign has already reached fans across nine countries, making it one of the most geographically widespread concert ticket scams seen in recent years.​

BTS, one of the biggest K-pop groups in music history, recently announced their ARIRANG world tour after a near four-year break, during which group members completed mandatory military service in South Korea.

The announcement generated an enormous wave of anticipation, and demand for concert tickets reached extraordinary levels almost immediately.

Events like this, where a globally loved group returns after years away, naturally draw the attention of cybercriminals who see a ready-made opportunity.​

Kaspersky researchers identified at least 10 fraudulent domains created in early April 2026, each designed to mimic official pre-sale pages for BTS concerts in Argentina, Brazil, Chile, Colombia, France, Mexico, Peru, Portugal, and Spain.

The analysts noted that these fake websites replicate the original layout, design, and the full purchasing journey so closely that ordinary users have very little chance of spotting the difference.

The scale and timing of the operation point to a well-coordinated effort rather than a simple or isolated attempt at fraud.​

These fake pages primarily spread through Instagram, where links circulate quickly inside fan communities.

Since BTS’s fanbase is deeply engaged and emotionally invested, many fans act fast the moment they spot what looks like a genuine chance to secure tickets before they sell out. That impulsive reaction, driven by fear of missing out, is exactly what the attackers are counting on.​

How the Scam Manipulates Victims at the Payment Stage

The payment process is where the deception becomes most effective, particularly in Brazil. Brazilian ticketing services adopted a pre-booking format for the ARIRANG tour, requiring fans to reserve seats online and then pay in person at the box office.

While this format was designed to reduce scalping, it created public confusion, and scammers used that confusion to their advantage.​

Fraudulent Brazilian ticketing pages direct victims to pay through PIX, an instant payment system operated by the Central Bank of Brazil.

Some fake sites display a card payment option first but then generate error messages or cite high demand to push users toward PIX instead. Once the payment goes through, the money is routed to money mule accounts, making recovery nearly impossible for victims.​

The scam depends heavily on manufactured urgency. Fake error notifications during checkout push fans to act immediately out of fear that their reservation will be lost.

The attackers clearly understand how fast BTS concert tickets disappear on legitimate platforms and have built the entire fake experience around that anxiety.

Brazil’s new pre-booking system added another layer of believability, causing many victims to trust the process without questioning it.​

Anyone buying event tickets online should take these precautions. Always navigate to ticketing platforms by typing the official web address directly into the browser, rather than clicking links received through social media, email, or messages.

Check domain names carefully, since scammers often use extra dashes, unusual country codes, or subtle character swaps to imitate real sites.

Confirm that websites include a Privacy Policy and Terms of Use page, though their presence alone does not guarantee legitimacy. In Brazil, any request for online payment during the BTS pre-sale is a clear warning sign, since genuine transactions happen in person.

Anyone who has already made a payment on a suspicious site should contact their bank immediately and request a card reissue if payment details were entered.

Enabling real-time banking alerts is also a smart step, as it helps suspicious activity get spotted quickly. Avoid any offer of free or heavily discounted tickets from outside official channels.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.