More than 1,000 fraudulent domains related to the IPL have been identified in a report, targeting cricket enthusiasts with online scams and malware during the current Indian Premier League season. These domains include over 600 fake websites selling counterfeit IPL tickets and more than 400 deceptive “free streaming” platforms that serve as conduits for malware distribution. Cybercriminals are taking advantage of cricket fans’ urgency and emotional responses, particularly those seeking last-minute tickets or free online streams during major matches.
The report reveals the sophisticated nature of these scams, with operators not only selling fake tickets but also monitoring conversions, adjusting prices, processing payments, and gathering victim data for future fraudulent activities. According to Sourajeet Majumder, the convergence of scale, emotion, and urgency in the IPL creates an ideal environment for cybercriminal exploitation. Many of the fake ticketing websites mimic reputable platforms by replicating logos, designs, and booking processes to deceive users.
Users are prompted to select seats, input personal information, and make payments through various methods like UPI, cards, QR codes, or payment gateways. In some instances, users receive fake PDF tickets with booking IDs and QR codes post-payment, only to realize the deception upon attempting entry at the stadium gates. The scammers are utilizing Meta Pixel integration to track user interactions, form submissions, and payment activities, allowing them to optimize their fraudulent campaigns akin to legitimate e-commerce operations.
In addition to the fake ticketing schemes, the report underscores the emerging threat posed by counterfeit IPL streaming websites. These platforms are often tailored for searches related to “IPL free live stream” and specific match streaming inquiries, serving as entry points for malware infections, suspicious redirects, and credential theft attempts.
