惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
P
Privacy International News Feed
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
NISL@THU
NISL@THU
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
GbyAI
GbyAI
N
News and Events Feed by Topic
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
CERT Recently Published Vulnerability Notes
N
Netflix TechBlog - Medium
S
Security Affairs
Spread Privacy
Spread Privacy
罗磊的独立博客
腾讯CDC
MyScale Blog
MyScale Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
The Cloudflare Blog
L
LangChain Blog
博客园_首页
H
Hacker News: Front Page
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
博客园 - 聂微东
SecWiki News
SecWiki News
A
Arctic Wolf
爱范儿
爱范儿
Google Online Security Blog
Google Online Security Blog
T
Threat Research - Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
Cyberwarzone
Cyberwarzone
博客园 - 叶小钗
V
Visual Studio Blog
V
V2EX
T
Tailwind CSS Blog
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs
MongoDB | Blog
MongoDB | Blog
D
Docker

Kaspersky official blog

Key vulnerabilities of Microsoft’s July 2026 Patch Tuesday Meta launched and almost instantly rolled back a feature that trained its AI image generator on Instagram user content. What’s wrong with Meta's NameTag feature and why you should be wary of it Targeted phishing attacks on manufacturing companies Why CAPTCHAs are about to vanish: how AI rewrote the "prove you're human" test The unpatchable backdoor in Yarbo robot mowers Managing the risks of LLM aggregators and AI API proxies Social engineering: how scammers manipulate their victims How today's threat actors break into companies 250,000 misconfigurations in GitHub Actions How hackers use PowerShell scripts to steal Telegram accounts How Hola Browser was weaponized to spread a Monero miner World Cup 2026: watch out for these scams Building an autonomous SOC: core challenges and solutions The FROST attack: how SSD access delays expose users’ activity Taming shadow-AI on corporate devices Hentai games with a nasty twist XChat: what’s wrong with Elon Musk’s new messaging app? Security gateway for autonomous vehicles Is Wi-Fi safe in Mexico? The great messaging heist targeting your wallet Don’t let fake IPTV apps ruin your World Cup Attackers disguising phishing as Google AppSheet notifications Qualcomm vulnerability: phone repairs and car maintenance are no longer safe A lost art finds its way into phishing emails Is your TV box renting out your network? How to turn off unapproved AI tools across organization Subscription security: how to protect your account, your wallet… and your sanity The capabilities of Kaspersky Container Security LLM raiders and how to repel them What happens in the bedroom stays in the bedroom Is your security system secure? Survey-based scams Supply chain attack via Trivy and LiteLLM
Fake ticket websites exploiting BTS world tour
Kaspersky Team · 2026-04-09 · via Kaspersky official blog

Kaspersky experts have detected fake websites that steal money from BTS fans during ticket pre sales. We explain how to stay vigilant and not fall victim to the scammers.

Fake BTS ARIRANG tour tickets: K-pop fans being targeted by scammers

BTS, a global K-pop phenomenon, has recently made a comeback from an almost four-year hiatus: the members of the group were completing mandatory military service in South Korea. For this reason it comes as no surprise that cybercriminals have taken advantage of the band’s highly anticipated world-tour — ARIRANG — to launch a campaign of fake websites targeting fans eager to buy tickets.

We’ve identified at least 10 fraudulent domains that mimic the official pre‑sale pages for the band’s concerts in Argentina, Brazil, Chile, Colombia, France, Mexico, Peru, Portugal, and Spain — all created in early April. We explain how the scammers operate, and how to avoid buying fake tickets.

How the fake ticket scam works

Due to the high demand for the world-tour tickets, some of the event organizers prepared additional measures to ensure there are no ticket scalpers. In Brazil, the ticketing services adopted a “pre‑booking” format: the user first makes an online reservation, and then pays in person at the box office. Although in essence a good idea, the change has caused confusion among fans and created an opportunity for criminals to commit fraud.

Scammers create pages that are nearly identical to the official ones, replicating the layout, design, and the entire purchasing journey. For ordinary users, the experience seems completely legitimate. The links to these websites are circulating on social media — mainly on Instagram.

In Brazil, victims are prompted to make payments via PIX — an instant payment system operated by the Central Bank of Brazil. In some cases, the sites even simulate a card‑payment option, but claim high demand or system errors to pressure users into choosing PIX. PIX payments are then directed to money mule accounts — making it difficult to recover the funds.

The scam is a perfect example of how social engineering works. It exploits a massive and highly engaged fanbase — leading many users to act impulsively. The fake “errors” that the website displays during payment create a sense of urgency and cause panic — the scammers are well aware of how quickly BTS tickets sell out. In addition, doubts about the new purchasing system established by the event organizers help criminals make fake websites even more convincing.

How to protect yourself from ticket scams

If you really want to get tickets to your favorite group’s concert but not fall victim to the scammers, it’s important to keep these basic cybersecurity rules in mind:

  • Access only official ticketing services, which you can find on the official page dedicated to BTS’s tour. Type the website address directly into your browser, and avoid links received via messages, social media, or email.
  • Check the domain carefully. Slight changes in the address often indicate fraud. This includes additional dashes, unusual territorial domains, and hardly-noticeable changes like replacing a lowercase “l” (L) with an uppercase “I” (i).
  • Check the website for Privacy Policy and Terms of Use pages. If they’re missing, you’re definitely visiting a fake website. But remember: their presence doesn’t guarantee that the site is legitimate. With modern AI, generating such pages takes only a few seconds.
  • Carefully check the sales format for each country. In Brazil, payment should only be made in person, so any request for online payment during the pre‑sale is a strong indication of a scam. Other countries and event organizers may offer online payments.
  • If you’ve been scammed, immediately contact your bank. If you provided bank card information to the criminals, you should reissue your card to prevent further unauthorized payments.
  • Enable banking alerts. Real-time notifications allow you to quickly identify suspicious transactions.
  • Use cybersecurity protection that detects and automatically blocks fraudulent websites. Kaspersky Premium, our robust cybersecurity solution, also shuts down phishing attempts, protects your personal data, and helps safeguard your identity.
  • Beware of “free” or “discounted” tickets. Ultimately, there’s never such a thing as a free lunch — especially when it comes to world‑famous music groups.

More on scams:

Hardening security management console settings

Is your security system secure?

Protecting a security console is more critical than one might think. Here’s the lowdown on control-layer compromise, and how to keep it from happening.

Hardening security management console settings
Tips

Cracked in under a minute: (nearly) every other password

We’ve revisited our study on the crackability of real-world passwords leaked on the dark web — originally conducted two years ago. The findings are sobering: nearly every other password can be cracked in under a minute, and three out of five take less than an hour. How can we move away from insecure passwords?

Is your security system secure?

Protecting a security console is more critical than one might think. Here’s the lowdown on control-layer compromise, and how to keep it from happening.