Survey: 50% of UK event-goers have lost money to ticket scams

Were you one of the millions trying to bag an Oasis ticket? Or hoping to score a seat at your favourite Premier League team’s first game of the season? Maybe a wristband for next year’s Glastonbury Festival? Some events are hard to get into, and some take pure luck. In the rush to secure a spot, it’s easy for fans to get swept up in the excitement…and that’s exactly when scams thrive.

A new survey commissioned by ExpressVPN found that 50% of UK event-goers have been scammed while trying to buy tickets online, losing an average of 100 GBP (USD 135) each. Three in four (75%) say they’ve seen what they believe to be scam listings for concerts or sporting events. Nearly all respondents (96%) believe social media has played a role in the rise of these scams. And ticket fraud isn’t the only risk; many fans are also putting personal data in jeopardy when they get online at stadiums and venues.

The scale of the problem

The survey of 1,500 Brits paints a picture of risk that stretches from the moment tickets go on sale to the final whistle or encore. Scam listings are common, and social media is amplifying their reach. Once inside the venue, digital habits open up new vulnerabilities, from insecure public Wi-Fi to risky online behaviour. The consequences can go beyond a single event. In fact, 39% say they’d think twice about returning to a venue with poor digital security, and 45% would be less likely to if they became a victim of cybercrime there.

"59% say a ticket scam would be the thing most likely to ruin the matchday experience, more so than watching their favourite team lose (58%)."

How scammers get tickets before you do

For high-demand events, the race often ends before it begins. Scammers deploy automated bots that can scoop up thousands of tickets within seconds of going on sale. These scripts operate faster than any human, filling digital baskets en masse and locking real fans out.

Once they’ve secured tickets, fraudsters monetise them in a variety of ways.

Fake resale sites and cloned pages

One tactic is to create convincing resale platforms with stolen branding, near-identical domain names, and fake reviews. Payments are taken, but the tickets never arrive. 

Early sale and presale traps

Another ploy is listing tickets before the official on-sale date, claiming “exclusive presale” access. Sometimes these are tickets scooped up by bots; other times, they’re completely fabricated. Either way, buyers often end up with nothing or with duplicates that will fail at the gate.

Social media ticket harvesting

Even legitimate buyers can be targeted. Posting a photo of your ticket online, QR code and all, is enough for a scammer to duplicate and resell it—often before you’ve even arrived at the venue. In some cases, partial codes can be reconstructed, turning what feels like harmless bragging into a costly mistake.

Why e-tickets aren’t bulletproof

These scams thrive because e-tickets, while convenient, are built around a single point of failure: the code itself. Whether it’s a QR code, barcode, or PDF, that code is essentially the key to entry—and keys can be copied.

A single screenshot, forwarded email, or shared file can be enough for someone else to use the ticket. Static barcodes, which remain the same from purchase to entry, are the easiest to duplicate. Dynamic barcodes that refresh in the app every few seconds are better, but not foolproof. If a ticketing account is compromised or a device is infected with malware, scammers can still intercept the code.

Our survey found that 43% of fans believe e-tickets are more secure than paper tickets, but high-profile breaches show otherwise. In some cases, entire batches of e-tickets have been intercepted and resold, locking the original buyers out. 

"Digital doesn’t mean tamper-proof. And, in the wrong circumstances, it can make theft easier."

The hidden risks of public Wi-Fi at events

Even if you score a legitimate ticket, the risks don’t stop. The moment you step into the venue, the network you use to post, stream, or check scores can open the door to an entirely different set of threats.

Why fans log on anyway

83% of event-goers say they’ve used free public Wi-Fi at stadiums or venues, and more than a third do so regularly. The draw is obvious: patchy mobile coverage when tens of thousands of devices are fighting for signal, the urge to share the moment on social media (55%), or to keep tabs on other games (48%). Some connect simply to save data. But once online, many go further. 27% have downloaded sensitive work documents or bank statements, and 61% have logged into their banking app.

Why cybercriminals love stadium networks

Those are exactly the kinds of actions attackers are counting on. Public Wi-Fi networks at large events are often only lightly secured. Fake hotspots with names just a letter off from the official network can collect passwords and session tokens. Open networks allow for “man-in-the-middle” (MITM) attacks, where malicious actors intercept data in real time. Even legitimate captive portals (those branded login pages) can be mimicked to trick people into handing over credentials. The risk is so well known that the England men’s football team was banned from using public Wi-Fi during the 2018 World Cup over hacking fears.

It’s a striking contradiction: 80% of fans say they’re aware of the dangers of public Wi-Fi, yet 60% believe their personal information is safe when connected to a stadium network. More than a quarter (26%) admit they take no extra precautions at all. 

"80% of fans know public Wi-Fi is risky, yet 60% still think their data is safe at stadiums"

The cost beyond the scam

The after-effects can also follow fans home. 52% of respondents have received suspicious emails or messages after attending a stadium event, suggesting personal details were exposed somewhere along the way. And there’s an appetite for change: three-quarters (75%) say they’d pay a small fee for a more secure connection at events. 

How to protect yourself from event scams and online risks

You can’t control how a venue secures its network, or how many bots hit the ticket queue before you, but you can close your own gaps. Here are practical steps that will make it harder for scammers to win before, during, and after the event.

1. Buy from official or verified sellers

Ticket buying 101 is to always purchase through an event’s official website, authorized partners, or reputable resale platforms with buyer protection. This reduces the risk of counterfeit or invalid tickets, while giving you access to customer support and other safeguards.

2. Avoid deals that seem too good to be true

Scammers often lure victims with unusually low prices for high-demand events. If the offer feels unrealistically cheap, it’s probably too good to be true. Similarly, if you see tickets being sold for an event before the official on-sale date, it’s a major red flag.

3. Pay securely

Pay with credit cards or trusted payment platforms that offer fraud protection and let you dispute transactions. Avoid paying by bank transfer—unless it’s someone you know and trust—and requests to pay by gift cards or other unusual means are almost always signs of a scam.

4. Inspect URLs carefully

Make sure any website you purchase tickets (or anything else) from is secure. Some browsers indicate secure websites by displaying a small padlock symbol next to the URL bar; others turn green when connected to a secure website.. The old school way is to check that the web address itself begins with ‘https’, because the ‘s’ stands for secure. 

5. Use an online privacy tool

It’s not just about falling victim to a scam, you see—scammers will also proactively target fans, gleaning their personal details from the web and then approaching them directly. We’ve got a whole guide on how to avoid phishing attacks, or just keep it super simple by going online with ExpressVPN. We’ll mask your real IP address to protect your personal information, in addition to encrypting your entire connection.

Have you ever been caught out by a ticket scam or had your data compromised at an event? Share your story in the comments below.