(MENAFN- Mid-East Info) Amid the global tour of the world-famous K-pop group BlackPink, cybercriminals are seizing the moment to exploit the heightened interest of fans. Kaspersky experts have discovered scam websites that closely mimic the group's official merchandise store, putting users and their data at significant risk.

The scheme works as follows: attackers created a site that closely resembles the legitimate one and offers users the option to browse merchandise, add items to the cart, and proceed to“checkout.”

An example of a fake website prompting users to buy BlackPink merch

To make the process appear credible, the victim is asked to provide delivery details, such as email, full name, address and postal code, as well as their banking information for“payment.” As a result, after completing the fake registration and payment steps, users risk not only losing money from their bank cards but also exposing sensitive personal data to the attackers.

“This is a fairly common scenario: cybercriminals routinely try to exploit the surge of interest around major concert events - especially when merchandise drops are limited and fans are eager to buy quickly. We strongly recommend that users verify the legitimacy of online stores, avoid following links from social media or unknown messages and double-check URLs before entering any personal or payment information,” says Olga Altukhova, Senior Web Content Analyst at Kaspersky.

Example of a payment and registration form on the fake website

To avoid falling victim to scam, Kaspersky advises users to:

• Verify the authenticity of online stores before making a purchase. Always double-check URLs, spelling of brand names, and whether the site is the official retailer or an authorized partner.
• Shop only on trusted, reputable platforms to reduce the risk of data theft, payment fraud, or exposure of sensitive information.
• Use a reliable security solution that can detect malicious pages and block phishing attempts. The quality of security solutions' phishing detection is annually evaluated by independent testing labs. For example, in 2025 and 2024 Kaspersky Premium achieved a 93% detection rate with 0 false positives in AV-Comparatives anti-phishing tests, and was awarded with the“Approved” certificate.
• Enable multi-factor authentication and monitor your accounts. Turn on 2FA for payment services and online banking, and regularly check your bank statements for any unauthorized transactions.

About Kaspersky:

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them.

MENAFN21112025005446012082ID1110381557