Stowaway ticket office: scammers have doubled the sale of fake tickets via Telegram
Fraudsters have become twice as likely to use Telegram in schemes for selling fake tickets to cultural events. In 11 months of 2025, more than 6 thousand resources aimed at hacking user accounts and then sending fraudulent offers were blocked, whereas in 2024 there were 2.7 thousand of them, the coordination center for .RU/.RF domains told Izvestia. As a result, people receive offers to buy tickets to concerts, performances and Christmas trees, allegedly from their friends. We are no longer talking about isolated cases of fraud, but about a fully formed digital deception system in Telegram, the State Duma stressed. What you need to know about changing the tactics of intruders is in the Izvestia article.
How fake tickets are sold on Telegram
Scammers have turned Telegram into the main platform through which they sell fake tickets to cultural events. In just 11 months of 2025, more than 6 thousand fake authorization pages in Telegram resources aimed at hacking the accounts of messenger users were identified and blocked, a data analyst at the coordination center of the .RU/ domains told Izvestia.Russian Federation Evgeny Pankov. According to him, this is twice as much as a year earlier, when 2.7 thousand such sites were blocked.
— The key mechanism of the attack is as follows: hacking the victim's account using a fake authorization page, after which the criminals gain access to the contact list and begin sending out "favorable offers" on behalf of the user to buy tickets to popular events. Examples include invitations to The Nutcracker and other well—known productions, accompanied by links to phishing theater websites or specialized Telegram channels. Buyers lose money, and attackers quickly create new resources," the expert said.
Izvestia studied examples of such correspondence. For example, in one of the Telegram groups called "Tickets to concerts, festivals," user Lyubov posted a message insistently offering to purchase a concert ticket. When another participant asks to send at least a partially hidden copy of the ticket, the girl refuses, referring to the fact that she does not have such an opportunity.
The old Fake Date scheme is also not losing popularity, when scammers use fake profiles of attractive girls on social networks and on dating sites, Evgeny Pankov added. Having gained the victim's trust, they offer to go to a concert or show together and send a link to a fake ticket service. After the payment, the "date" ends, and the money disappears.
At the same time, the number of complaints specifically about phishing domains masquerading as websites of theaters, cinemas and concert posters on the Runet, on the contrary, decreased: 523 against almost 2 thousand a year earlier, said Evgeny Pankov. According to him, this just shows that scammers have changed the schemes and the end point of sale of fake tickets is being moved to a place where people communicate more often and are less wary.
As Izvestia wrote, among the latest schemes were fraud with tickets to the ballet "The Nutcracker" at the Bolshoi Theater.
Why are "messages from friends" becoming the main threat?
The growth of identified fake sites shows that fraudulent groups have become more organized and are scaling up their activities. Their main tool is social engineering, the "message from an acquaintance" format increases trust and significantly increases the likelihood of clicking on the ticket link, Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications, federal coordinator of the Digital Russia party project, told Izvestia.
— Hacking one account starts a chain reaction: attackers get the opportunity to send fake content on behalf of the victim, and the range of potential victims expands exponentially. Many users still do not enable two—factor authentication, which makes their accounts easy prey," said Anton Nemkin.
According to him, it is important to understand that these are no longer isolated cases, but a systemic type of digital fraud. Regardless of whether the attackers are selling "tickets" or offering "profitable investments," the scheme is the same: to gain trust, push them to click on a link or install malware, and then steal data, the deputy emphasized.
Today, AI technologies also provide additional assistance to fraudsters: voice or image substitution makes it easier to imitate real interlocutors - managers, bank employees or colleagues, the press service of Swordfish Security noted. All this, they say, forms a new stage in the evolution of phishing.
When an offer to buy a ticket comes not from an unknown site, but allegedly from an acquaintance, a person's criticality decreases: he checks the link less scrupulously or does not check at all and makes a decision faster, said Valeria Besedina, an analyst at the Positive Technologies research group.
She advised to follow a number of simple rules to protect against fraud when buying tickets: do not follow suspicious links and do not open attachments not only from unknown senders, but also from people you know. First, you need to clarify through a call or other communication channel whether they really sent you a link or an attachment.
— If you encounter suspicious accounts, block them immediately and complain. Allow only contacts to add you to groups and chats in order to reduce the likelihood of getting on a mass mailing list," said Valeria Besedina.
Also, you should not make payments on unfamiliar websites — you only need to buy tickets on the official event web pages or major ticket services. In addition, users always need to pay attention to the urge for urgency, too low a price, or a request to pay in an unusual way — these are typical signs of deception.
Переведено сервисом «Яндекс Переводчик»
