Scam Alert: Fake Festival Tickets and a Bogus Boots Survey
It's festival season, and the scammers know it. With Oasis back on tour and Glastonbury about to kick off, social media is awash with people offering tickets that don't exist. The government put out a proper warning about it this week, and I've seen the fallout land on my bench before now: someone hands over their money, the tickets never turn up, and there's no getting it back.
There's a second one going round too, completely unrelated, after your bank card this time. Here are both, what to look for, and what to do.
1. Fake summer gig tickets
Fraud Minister Lord Hanson has personally warned the public after Action Fraud figures showed £1.6 million lost to gig ticket scams in 2024, more than double the year before. Around 3,700 people reported being caught out, and it's the under-30s getting hit hardest — more than a quarter of all victims were in their twenties.
The pattern is simple. Scammers post tickets for sold-out shows on social media, mostly Facebook Marketplace, at face value or just below. You message them, they ask for payment by bank transfer or crypto, and once the money's gone, so are they. The tickets never existed.
Here's the bit that catches people out: some of these listings come from hacked accounts. The seller might be a name you recognise, a friend of a friend, someone in a local group, because the scammer has taken over their genuine account and is selling from it. The founder of resale site Twickets warned of multiple fake Twickets accounts and websites set up specifically to target Oasis fans. One woman in Rutland lost hundreds of pounds trying to buy four tickets through Facebook Marketplace.
How to stay safe: buy from the artist's official site or an official ticket vendor, nowhere else. Never pay by bank transfer for a ticket. Use a credit card, because if it goes wrong you've got a route to your money back. And if someone's offering a sold-out show at a tempting price on social media, treat that as the warning sign it is. There's more detail in the government's announcement.
2. The fake Boots "free sample" survey
This one is clever, and it's huge. Security firm Huntress uncovered a campaign aimed at nearly 9 million UK email addresses (8,894,920 to be exact) impersonating Boots. So many were going out at once that Huntress blocked almost 30,000 outbound email connections in 104 seconds.
The email uses real Boots branding and offers a free beauty sample pack in exchange for filling in a quick customer survey. The link takes you to a page that looks exactly like Boots, because the scammers copied the design straight off the real site. It isn't on Boots' servers though. The fake page was hosted on a hijacked Bolivian government website. Boots themselves were never breached — the attackers just borrowed someone else's server to run it.
You enter your name, address, date of birth, phone and email. Then a second form asks for your card details to cover a £2.95 delivery fee. That tiny charge is the whole trick. It sounds like nothing, so people don't think twice, and in handing it over they give away their full card number, expiry and CVV. Once it's done, you're bounced through to the real Boots website, which makes the whole thing feel like it worked.
How to stay safe: if a well-known shop emails you out of the blue offering a freebie for a survey, don't click anything. Go to the company's actual website yourself if you want to check. And no legitimate retailer needs your card number, expiry and security code just to post you a free sample. Huntress wrote up the full technical detail here if you're curious.
If It's Already Happened
If you've paid for tickets that never arrived, or you typed your card details into one of these forms, act now rather than waiting to see what happens.
- Call your bank straight away. If you entered card details, ring the number on the back of your card and tell them. They can freeze the card and watch for dodgy transactions.
- Paid by bank transfer? Tell your bank immediately. Under the rules now in place, you may be able to get reimbursed for an authorised push payment scam, but the sooner you report it the better.
- Change any passwords you gave away, and any others that share the same password.
- Report it using the details below, so the accounts and sites can be taken down.
How to Report Scams
- Scam text → forward to
7726(spells SPAM, free on all UK networks) - Scam email → forward to
report@phishing.gov.uk - Scam website → report at ncsc.gov.uk
- Fraud of any kind → Report Fraud on
0300 123 2040or reportfraud.police.uk
Reporting genuinely helps. A flagged Facebook account or website can be pulled down before it catches the next person, and the figures from those reports are exactly what got this government warning issued in the first place.
If you've entered card details somewhere you shouldn't have, or you clicked a link and you're worried about what it might have put on your machine, that's worth checking properly. I do virus and malware removal in St Helens and can go over your PC to make sure nothing nasty came along with it.
Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs. See reviews on Google
Think you've been scammed? Or had someone on your PC?
If you've let someone remote in, installed dodgy software, or just want your PC checked over — get in touch and I'll have a proper look.
★★★★★"Absolutely fantastic service from Local Computer Guy, I was unable to help my grandparents with their computer issues after an unfortunate issue with a scammer and potential virus being installed on their machine. After a quick call I knew they were in good hands. Arrived on time and quickly wiped the machine and made it safe, also helped investigate what had happened and helped my grandparents get using their computer again."
— Joe Gempton, via Google