The National Cyber Security Centre (NCSC) has issued an urgent alert after hundreds of British fans of the K-pop group BTS lost thousands of pounds in a sophisticated ticket scam. The fraud, which came to light on Monday, involved fake websites and social media accounts offering access to the group's upcoming European tour.
At least 500 victims have come forward to Action Fraud, the UK's national fraud reporting centre, with losses totalling an estimated £250,000. Many expected to pay up to £800 per ticket, only to discover the sites were fraudulent after the money had left their accounts.
The NCSC warned that the scam operators appear to have used AI-generated imagery and deepfake videos of BTS members to lend the schemes legitimacy. Some sites even reproduced the official ticket sales interface of AXS, the authorised vendor, with almost perfect verisimilitude.
Dr Samantha Jenkins, a cyber-security analyst at the NCSC, said: “Scammers will often target high-demand events, particularly those with a passionate and young fan base. The emotional intensity of the fan community can be weaponised to override caution.” She added that the scam's scale and the technical skill involved were notable.
The incident has put a spotlight on the secondary ticket market, which remains poorly regulated in the UK. Unlike goods, digital tickets have no statutory right of return under consumer law. The NCSC is now working with the Metropolitan Police's cyber-crime unit to trace the money through digital wallets and cryptocurrency exchanges.
BTS fans have taken to social media under the hashtag #BTSTheftAlert to share experiences and warn others. Some reported being blocked by the fake accounts after making payments. Others said they received confirmation emails with forged AXS branding.
The K-pop industry has become a major economic force in the UK, with BTS alone estimated to generate over £100 million annually in merchandise, streaming, and ticket revenue. The band's record label, Big Hit Music, said in a statement that it was “devastated” by the scam and urged fans to buy tickets only through official channels.
This is not the first time UK fans have been targeted. Last year, similar scams emerged around the Glastonbury Festival and the Wimbledon tennis championships. But the BTS scam appears to be more sophisticated and widespread, according to the NCSC.
The agency has issued five key recommendations: verify the seller's URL against the official website; use credit cards for purchases as they offer consumer protection; avoid clicking on links in unsolicited emails or social media messages; check the official vendor's website for authorised resellers; and report any suspicious activity to the National Cyber Security Centre or Action Fraud immediately.
For now, thousands of BTS fans are left without tickets and with significant financial losses. The incident underscores the growing intersection of geopolitical stability, soft power, and cyber-security. As K-pop's global influence expands, so too will the risks associated with its commercial ecosystem.
The NCSC is expected to provide more details in its monthly threat report, due next week.