Kaspersky experts have discovered scam websites that closely mimic the group’s official merchandise store, putting users and their data at significant risk.
The scheme works as follows: attackers created a site that closely resembles the legitimate one and offers users the option to browse merchandise, add items to the cart, and proceed to “checkout.” To make the process appear credible, the victim is asked to provide delivery details, such as email, full name, address, and postal code, as well as their banking information for “payment.” As a result, after completing the fake registration and payment steps, users risk not only losing money from their bank cards but also exposing sensitive personal data to the attackers.
“This is a fairly common scenario: cybercriminals routinely try to exploit the surge of interest around major concert events—especially when merchandise drops are limited and fans are eager to buy quickly. We strongly recommend that users verify the legitimacy of online stores, avoid following links from social media or unknown messages and double-check URLs before entering any personal or payment information,” says Olga Altukhova, Senior Web Content Analyst at Kaspersky.
To avoid falling victim to scams, Kaspersky advises users to:
- Verify the authenticity of online stores before making a purchase. Always double-check URLs, the spelling of brand names, and whether the site is the official retailer or an authorized partner.
- Shop only on trusted, reputable platforms to reduce the risk of data theft, payment fraud, or exposure of sensitive information.
- Use a reliable security solution that can detect malicious pages and block phishing attempts.
- Enable multi-factor authentication and monitor your accounts. Turn on 2FA for payment services and online banking, and regularly check your bank statements for any unauthorized transactions.
