Event Cancellation Refund Phishing Scam via Email
Fraudulent emails falsely claim a still-happening event has been cancelled, prompting genuine ticket holders to enter their ticket or account login details on a fake refund page.
Part of: Event Cancellation Refund Phishing Scam
Last reviewed: 13 July 2026
This phishing scam relies on email because it can closely mimic a legitimate ticketing platform's cancellation notice, complete with matching branding and a plausible-sounding subject line. It's most effective against genuine ticket holders who have real tickets for a real event, since the email exploits an expectation they might already have.
How this scam works on Email
The email claims the event has been cancelled or rescheduled and that a refund is available if the recipient logs in through a provided link within a limited window. The link leads to a fake page closely resembling the real ticketing platform's login screen, designed to harvest the victim's username, password, and sometimes payment card details supposedly needed to 'process' the refund.
Because the recipient genuinely holds a ticket, the premise feels plausible even before checking whether the event is actually cancelled, and the urgency of a refund deadline discourages verification. Once credentials are entered, the attacker can access the real ticketing account, which may hold saved payment details or valid tickets that can be resold.
Common red flags
- An email claims your event is cancelled with a link to log in for a refund
- The sending email address doesn't match the platform's official domain
- The event's official website or social media makes no mention of any cancellation
- The refund page asks for a full card number in addition to your login
- There's an artificial deadline pressuring you to act before verifying independently
- The email contains generic greetings rather than your actual name or order details
How to protect yourself
- Verify any cancellation claim directly on the event's official website or ticketing platform, not through the emailed link
- Log in to your ticketing account by typing the address yourself rather than clicking email links
- Check the sender's actual email address for mismatches with the platform's official domain
- Use a password manager, which won't autofill credentials on a mismatched phishing page
- Enable two-factor authentication on your ticketing platform account
- Contact the venue or event organizer directly if you're unsure whether an event is genuinely cancelled
How to report it
- Report the phishing email to the impersonated ticketing platform's official fraud or security contact
- Report the email as phishing through your email provider's built-in tool
- File a report with the FTC at ReportFraud.ftc.gov or the IC3 if you entered login or payment details
Frequently asked questions
How do I check if my event is really cancelled before clicking a refund email link?
Go directly to the event's official website, the venue's site, or the ticketing platform's app by typing the address yourself, and check the organizer's official social media accounts. A genuine cancellation will be confirmed in multiple places, not only in a single email with a login link.
I entered my ticketing account password on a fake refund page — what should I do?
Change your password immediately on the real platform (typed directly, not via the email link), enable two-factor authentication if available, and check your account for unauthorized changes or ticket transfers. Contact the platform's support to flag the compromise.
Can I get a real refund if my event actually was cancelled?
Yes, but process it only through the platform's official website or app, never through an emailed link — go directly to your account and check for a refund option there, or contact the platform's verified customer support.
What if I already entered my card details on the fake refund page?
Contact your card issuer immediately to flag the card for possible compromise and consider requesting a replacement; recovery of any resulting charges may depend on the payment method and timing — contact your card issuer directly to start a dispute.
Why do these phishing emails specifically target real ticket holders?
Sending the email to people who already hold a genuine ticket for a real event makes the premise far more believable than a random phishing attempt, since the recipient has a real reason to expect communication about that event from the platform.