With the 18th edition of the Indian Premier League (IPL) underway, cybersecurity researchers are sounding the alarm over a rising tide of digital fraud targeting cricket enthusiasts. Global cybersecurity firm Kaspersky has issued a public warning identifying three primary scam tactics exploiting the IPL buzz—fake ticket listing websites, scam streaming platforms, and promotional messages promising free tickets.
These tactics, researchers say, are aimed at stealing personal and financial information and monetizing user data through malicious redirects and unauthorized ad tracking. With tens of millions of fans turning to online platforms for tickets and match streaming, the IPL has become a fertile ground for cybercriminals seeking to exploit gullible or distracted users.
Three Types of Frauds: Tickets, Streams, and Phishing Campaigns
According to Kaspersky, the most common method used by scammers involves fraudulent websites mimicking official IPL ticketing portals. These platforms replicate branding and user interfaces convincingly enough to trick fans into making payments—only to receive nothing in return. Refunds are non-existent, and bank card details are often harvested for further fraud.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
A second method involves phishing through streaming sites. Links claiming to offer free live matches actually redirect users to scam pages or inject malware into devices. Some of these also initiate subscription charges or data theft. Lastly, scammers are leveraging messaging platforms like WhatsApp to run fake giveaways and promotional campaigns offering “free tickets,” asking users to share links and provide their phone numbers—an attempt to harvest data for dark web resale and future phishing operations.
AI-Powered Threats and Advice for IPL Fans
With a reported 26% increase in phishing attacks globally in 2024, Kaspersky warns that AI-driven fraud will only intensify in 2025. “Scammers exploit the demand around cricket to create credible-sounding schemes that lure users into traps,” said Purshottam Bhatia, Head of Consumer Business for India at Kaspersky.
The company recommends several precautions: buy IPL tickets only from authorized sellers, avoid unofficial streaming links, verify URL spellings (e.g., “hotstarr.com” vs. “hotstar.com”), and install reliable cybersecurity software. Fans are also advised not to provide bank or OTP details to unknown platforms and to avoid downloading IPL-related apps from non-official app stores.