New Delhi, May 13 (IANS): More than 1,000 fake IPL-related domains are actively being used to run online scams and malware attacks targeting cricket fans during the ongoing Indian Premier League season, according to a report by cybersecurity firm CloudSEK released on Wednesday. Researchers identified over 600 fraudulent domains selling fake IPL tickets and more than 400 fake free streaming websites, many of which were being used as malware delivery platforms. The fake ticketing websites were found to be highly sophisticated, impersonating trusted platforms by copying familiar logos, layouts, and booking flows, and prompting users to select seats, enter personal details, and make payments through UPI, cards, QR codes, or payment gateways. In several cases, fake PDF tickets carrying booking IDs and QR codes were delivered to victims after payment, with the fraud only coming to light when they were turned away at stadium entry gates. Researcher Sourajeet Majumder noted that the fake ticketing operations had become deeply industrialised, with operators not only selling fake tickets but also tracking conversions, adjusting prices, verifying payments, and collecting victim data for reuse or resale in future scams.
Beyond ticketing fraud, the report highlighted a growing threat from fake IPL streaming websites, many of which were optimised for search queries such as “IPL free live stream” and match-specific streaming terms, and served as gateways for malware infections, suspicious redirects, and credential theft attacks. Scammers were also found to be using Meta Pixel integration to track clicks, form submissions, and payment activity, enabling them to fine-tune their fraud campaigns in a manner similar to legitimate e-commerce businesses. Majumder warned that cybercriminals were deliberately exploiting the urgency and emotional behaviour of cricket fans, particularly those searching for last-minute match tickets or free online streams during high-profile fixtures, adding that “IPL brings together scale, emotion and urgency – that is exactly what cybercriminals exploit.” The report serves as a stark warning to cricket fans to verify the authenticity of ticketing and streaming platforms before making any purchases or sharing personal information online.