Metallica and The Weeknd Fans Targeted in Fake Concert Ticket Scams, Bitdefender Labs Warns

Bitdefender Labs is once again warning consumers about an ongoing scam campaign that aims to cash in on the excitement surrounding major upcoming concerts in Europe.

This time, cybercriminals are targeting fans eager to see Metallica and The Weeknd in Poland in 2026. According to Bitdefender researcher Andreea Olariu, scammers are using fake ads on Facebook to promote non-existent tickets and trick victims into paying in ways that make refunds nearly impossible.

This warning comes amid a surge in ticket fraud across Europe. Action Fraud, the UK’s national fraud and cybercrime reporting service, recently revealed that ticket fraud losses jumped nearly 50% year-on-year — from £6.7 million in 2023 to £9.7 million in 2024.

How the Scam Works

Fraudulent Facebook pages with little to no history, such as “Warszawa Live,” are promoting ads for upcoming concerts. They claim to sell tickets for:

• Metallica (Warsaw, May 19, 2026)
• The Weeknd (Warsaw, August 4, 2026)

The same pages previously advertised fake tickets for artists like 50 Cent, Imagine Dragons, and Sanah.

Victims are redirected to mticket-pl.org, a fraudulent site created on Sept. 6, 2025, to impersonate the legitimate Polish ticketing platform mticket.pl.

After the previous domain was taken down, scammers quickly moved to a fresh one: plebilet.shop, impersonating the official platform ebilet.pl.

Both sites mimic legitimate platforms with seat maps, checkout forms, and professional branding to trick fans.

Although the checkout pages encourage buyers to use BLIK, Apple Pay, Google Pay, every choice ultimately redirects victims to Mercuryo, where they are unknowingly buying cryptocurrency for the scammers. Because crypto payments are irreversible, victims have no way to recover funds.

A fake confirmation page appears, but no valid tickets are delivered.

Red Flags That Give the Scam Away

• Suspicious domain: mticket-pl[.]org was only registered in September 2025 and it is now down. Be wary of any new websites such as plebilet[.]shop.
• Mismatched details: the site lists Puskás Aréna in Hungary but claims the concert is at PGE Narodowy in Warsaw.
• Unrealistic pricing: Some of The Weeknd tickets were listed at 158 PLN — far below market value. However, the checkout shows 490 Euro.
• Crypto payments required: scammers funnel users into irreversible payment methods.
• Shady promotions: the ads come from new Facebook accounts with almost no organic reach.

How to Stay Safe

• Purchase concert tickets only from official sources – venue box offices, official promoters, or well-known ticketing platforms.
• Check the official pre-sale or release date – if someone offers tickets before they’re officially on sale, it’s a scam. Official tickets for Metallica (Warsaw, May 19, 2026) are already sold out. Tickets for The Weeknd's show (Warsaw, August 4, 2026) go on pre-sale on Sept. 9 and general sale on Sept. 12. Anyone claiming to sell them early is a scammer.
• Avoid bank transfers and crypto payments – use a credit card whenever possible, which gives you stronger protections.
• Be cautious of ads and emails – especially those promoting sold-out concerts or “exclusive offers.” If it seems too good to be true, it probably is.
• Strengthen your accounts – use unique, strong passwords for ticketing sites and enable two-step verification.
• Verify links before clicking – run any suspicious URLs through Bitdefender Link Checker.
• Get expert help instantly – forward suspicious ads, links, screenshots or offers to Bitdefender Scamio, our free AI-powered scam detection tool.