Back to Feed
Threat IntelligenceJul 15, 2026

Fake Céline Dion Paris Tickets Sold on Facebook and Ticketmaster Clones

Scammers are selling fake Celine Dion concert tickets via Facebook and cloned websites.

Summary

Scammers are targeting fans of Céline Dion's upcoming Paris concerts by selling fake tickets through Facebook groups and impersonating legitimate ticketing sites like Ticketmaster and AXS. These scammers send the same digital ticket to multiple buyers, with only the first person gaining entry, while the rest are denied access. Group-IB has identified over 20 fraudulent domains and noted the use of phishing kits and social engineering tactics to trick victims into paying for non-existent or invalid tickets.

Full text

Security Scams and FraudFake Céline Dion Paris Tickets Sold on Facebook and Ticketmaster Clones Group-IB says scammers are targeting Céline Dion fans through Facebook, duplicate digital tickets and fake websites impersonating Ticketmaster, AXS and the venue site. byWaqasJuly 15, 20263 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening Céline Dion is scheduled for 16 Paris concerts in 2026, from September 12 to October 17. Including the 10 additional shows announced for May 2027, the total is 26 concerts. This makes it a lucrative target for scammers. Fans searching Facebook for tickets to Céline Dion’s 2026 Paris concerts are being targeted by scammers who can place a valid digital ticket in a buyer’s Ticketmaster account and still leave them unable to enter the venue. Demand for tickets has remained high since Dion announced her return to live performances. Her Paris engagement includes 16 concerts at Plénitude Arena, formerly Paris La Défense Arena, between September 12 and October 17, 2026. Scammers Selling Fake Concert Tickets on Facebook The official presale began in April, but fraudulent offers had already appeared before ticket sales opened. Céline Dion’s official website confirms the concert schedule. However, cybersecurity researchers at Group-IB found scammers approaching buyers through Facebook groups and Marketplace listings while a separate set of fraudulent websites impersonated Ticketmaster, AXS, Dion’s official website, and the concert venue. Both methods use familiar brands and services to make the purchase appear legitimate. Inside Facebook fan communities, sellers build trust through private messages and voice recordings before introducing pressure. One recurring script tells the buyer that numerous other fans are interested and that the ticket could sell within minutes. Group-IB also found profiles with modified display names while the original identity remained visible in the Facebook URL. Facebook profile of one of the scammers (Credit: Group-IB) Once a buyer agrees to proceed, the seller requests a direct bank transfer outside the official resale service. The recipient’s bank account name may differ from the identity shown on Facebook, but victims are told that Ticketmaster will handle delivery after payment. Scammers Send the Same Ticket to Multiple Buyers Victims receive a genuine Ticketmaster transfer link containing a digital ticket and entry code, which may appear normally in their account. According to Group-IB’s technical analysis, scammers send the same ticket and entry code to multiple buyers. Only the first person whose code is scanned can enter the venue, while every later buyer is refused entry. For context, a single-use ticket works for the first person whose code is scanned, leaving every later buyer with an invalid entry code. The seller can then deactivate the Facebook profile and end communication with the victims. Other buyers are directed to convincing websites built to resemble official ticket shops. Group-IB documented more than 20 domain entries using names associated with Céline Dion, Ticketmaster, AXS and Paris La Défense Arena. Some of these domains spotted by researchers include: Axs-billetterie.com Celine-dion-arena.com Ticketmaster-celinedion.com Account.ticketmaster-celinedion.fr and several others. Additionally, scammers use Shopify to build fake ticket stores with familiar account, checkout and payment pages, making the sites appear legitimate. Researchers found Shopify-specific paths such as /cdn/shop/files/ and /products/, along with image parameters, customer account pages, OAuth client identifiers and dedicated payment subdomains. Some pages also displayed credit card forms, delivery details and fake Trustpilot ratings. Several technical similarities connected the domains to a reusable phishing kit. OAuth state values on multiple account pages began with the same hWNA prefix, while the sites reused similar authentication flows and Shopify components. Group-IB said the repeated prefix appeared to come from the same low-entropy string generator. Understanding the scam (Credit: Group-IB) Buy Tickets from Official Sites Buying through links posted by unknown sellers gives fraudsters control of both the payment method and the information shown to the buyer. Fans should begin from Dion’s official concert page or an authorized distributor such as Ticketmaster, AXS or Fnac, reject requests for direct bank transfers and check that the seller’s identity matches the payment account. Anyone who has already paid a suspected scammer should contact their bank immediately. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts Céline DionCyber AttackCyber CrimeCybersecurityFacebookFraudPhishingPhishing KitScamsecurityShopifyTicketmaster Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Cyber Attacks Labour Party’s campaign sites hit by DDoS Attack The Labour Party in the United Kingdom has confirmed that its digital platforms suffered a massive DDoS attack blocking its security system. byWaqas Read More How To Security How to Protect Yourself From Hackers – Useful Tips For Small Business Owners As a small business owner, you’re bound to take great pride in what you do and use every… byOwais Sultan Read More Cyber Events Hacking News Security Verizon Yearly Study: 2011 was The year of Anonymous So far 2012 is a tough year for Anonymous with its leader ”Sabu” betrayed them as a government agent and… byWaqas Read More Security Artificial Intelligence Privacy Firefox Will Give Users an AI Kill Switch for Better Privacy Not everyone wants AI in their browser. Firefox 148 is introducing easy toggles to disable chatbots and AI tab grouping. Discover how Mozilla is prioritising user choice and privacy in its latest 2026 update. byDeeba Ahmed

Indicators of Compromise

  • domain — axs-billetterie.com
  • domain — celine-dion-arena.com
  • domain — ticketmaster-celinedion.com
  • domain — account.ticketmaster-celinedion.fr

Entities

Ticketmaster (product)AXS (product)Shopify (product)Group-IB (threat_actor)Fake Céline Dion Paris Tickets (campaign)