Amid the global tour of the world-famous K-pop group BlackPink, cybercriminals are seizing the moment to exploit the heightened interest of fans. Kaspersky experts have discovered scam websites that closely mimic the group’s official merchandise store, putting users and their data at significant risk.
The scheme works as follows: attackers created a site that closely resembles the legitimate one and offers users the option to browse merchandise, add items to the cart, and proceed to “checkout.”
To make the process appear credible, the victim is asked to provide delivery details, such as email, full name, address and postal code, as well as their banking information for “payment.” As a result, after completing the fake registration and payment steps, users risk not only losing money from their bank cards but also exposing sensitive personal data to the attackers.
“This is a fairly common scenario: cybercriminals routinely try to exploit the surge of interest around major concert events — especially when merchandise drops are limited and fans are eager to buy quickly. We strongly recommend that users verify the legitimacy of online stores, avoid following links from social media or unknown messages and double-check URLs before entering any personal or payment information,” says Olga Altukhova, Senior Web Content Analyst at Kaspersky.
To avoid falling victim to scam, Kaspersky advises users to:
● Verify the authenticity of online stores before making a purchase. Always double-check URLs, spelling of brand names, and whether the site is the official retailer or an authorized partner.
● Shop only on trusted, reputable platforms to reduce the risk of data theft, payment fraud, or exposure of sensitive information.
● Use a reliable security solution that can detect malicious pages and block phishing attempts. The quality of security solutions’ phishing detection is annually evaluated by independent testing labs. For example, in 2025 and 2024 Kaspersky Premium achieved a 93% detection rate with 0 false positives in AV-Comparatives anti-phishing tests, and was awarded with the “Approved” certificate.
● Enable multi-factor authentication and monitor your accounts. Turn on 2FA for payment services and online banking, and regularly check your bank statements for any unauthorized transactions.
