How Taylor Swift’s Eras Tour exposed a global web of cyber scams

Taylor Swift’s Eras Tour may have dazzled audiences with glitter and heartbreak ballads, but behind the scenes, a different kind of drama unfolded—one involving fake tickets, drained bank accounts, and scammers in digital disguise. It turns out the pop sensation’s massive tour offered more than just a good show. It gave cybersecurity researchers a rare front-row seat to study how cybercriminals operate during large cultural events.

When the Eras Tour hit cities around the globe, so did an onslaught of scams. According to Dr. Andrew Reeves, Deputy Director at the UNSW Institute for Cyber Security, it wasn’t just a few isolated attempts—it was a digital free-for-all.

“It’s one of the things that we were constantly hearing about,” said Dr. Reeves. “When dates were announced, reports of scams around ticket sales, hotel bookings, and flights went through the roof.”

Reeves joined forces with Professor Debi Ashenden, Director of IFCyber, and University of Adelaide researchers Nadia Scott and Agata McCormac to explore this growing phenomenon. Their research became the backbone of a paper presented at Swiftposium, an academic conference dedicated to examining Swift’s influence across society—from drag culture in the Philippines to theories about her lyrics endorsing public transportation.

Let’s be clear: this wasn’t a fan meetup with glitter pens and friendship bracelets. As Dr. Reeves explained, “It isn’t a fan project. It is really about critiquing and finding a new angle on a culturally relevant phenomenon.”

Reeves and his team dug into hard data to follow the scam trail. Their research made its way into the book Taylor Swift: Culture, Capital, and Critique, and focused on how people’s emotions and the buzz of big events make them easier prey.

“If people are under pressure and have a fear of missing out, they’re not thinking clearly,” Reeves explained. “You’re terrified you’re going to miss out on this once-in-a-lifetime event.”

Suddenly that too-good-to-be-true email about last-minute tickets doesn’t seem suspicious—it feels like a miracle.

And the numbers support that panic. In the UK alone, over 3,000 victims fell for scams during the Eras Tour, losing more than £1 million. Singapore saw losses over SGD$538,000. In Australia, a single week in February cost fans over $260,000, according to Victoria Police.

To see how widespread the problem really was, the team examined the FBI’s Internet Crime Complaint Center (IC3) database. They looked at attack data from every US state for 2021 through 2023, calculating per capita losses using US Census Bureau population estimates.

But what they found wasn’t quite what they expected. “In most of these US cities, with the exception of a couple, there wasn’t that spike and drop,” Reeves noted. There wasn’t a sudden surge of attacks when Swift arrived in town—at least not in the way they thought.

Instead, attackers changed strategy. Rather than increasing the number of attacks, scammers got smarter. They customized their scams for the Eras Tour. The digital crooks weren’t hoodie-wearing loners in basements. They were part of organized groups running tight, deceptive operations.

“They have a certain way of doing things,” said Reeves. “When an event rolls through, they update—but it’s not that they suddenly become more active.”

One common tactic was both creepy and clever. Scammers would hack a random person’s account—not to target them, but to fool their friends. Once inside, they’d message contacts claiming to have extra tickets and ask for money transfers through apps like Venmo.

It gets worse. In some cases, they’d ask the victim to use a shady payment app. Once someone entered their bank login, everything—not just ticket money—vanished. Poof. Gone. Swift lyrics can sting, but not like that.

Ironically, while scammers were hard at work, public awareness of these schemes dropped. The reason? Swift herself. As media attention centered on the superstar and her outfits, it left little space for scam warnings.

Reeves and his colleagues tracked media mentions of cyberattacks before, during, and after tour stops. Some cities, like Philadelphia, saw a surge in media coverage of scams. But in many others, the story was drowned out by concert hype.

“If you can’t get the news out because it’s being completely dogpiled by something else, then it means that they’re just going to stay vulnerable,” said Reeves.

The scams weren’t happening during the concerts. They were timed for the lead-up—when fans were scrambling for tickets, hotels, and flights. By the time the glitter confetti hit the stage, the damage had already been done.

“The scams don’t happen the day she’s on stage,” Reeves warned. “The mitigations need to start the day the event is announced.”

That’s the big takeaway: the scammers move fast. If cities, companies, and even Swifties want to stop them, they’ll have to move faster.

This research isn’t just about one artist or one tour. It’s about understanding how emotional excitement and mass events give scammers the perfect opportunity. Cyberattacks aren’t limited to pop concerts. Sporting events, major festivals, and even elections can trigger similar waves of online fraud.

And while Swift’s star power gave this issue some extra sparkle, the heart of the research lies in something far less glamorous: human vulnerability. If people are excited, distracted, and scared of missing out, they’ll click just about anything.

So the next time someone texts you last-minute tickets to your favorite artist’s sold-out show, take a deep breath. Then, maybe just call your friend to check. And if you’re still not sure—remember, Taylor would never want you to Shake It Off by draining your bank account.