Table of Contents
Fake GTAVI pre-orders, bogus beta downloads and cryptocurrency schemes are being designed to steal money and personal data in anticipation of the title
Similar to the World Cup, as the release of the long-awaited Grand Theft Auto VI (GTAVI) draws closer, cybercriminals are capitalising on the fan anticipation to deploy a wide range of fraud schemes that target the heightened demand.
Following the official launch of GTAVI on June 25, which attracted significant attention, threats began immediately exploiting the event as a lure, explained Kaspersky, by leveraging the event to deploy deceptive schemes, from fake pre-order pages to fraudulent video tutorials, targeting users eager to secure their copy of the game.
The pre-order trap
Fraudsters have been setting up fake websites that closely replicate the visual style and branding of the official game, featuring genuine trailers and promotional artwork that offer users the option to pre-order the game for various consoles.
After clicking “Pre-order Now,” users are prompted to enter their personal details and payment information to complete the purchase. However, GTAVI will never be delivered and instead, victims risk having their bank accounts drained and their personal data compromised.
Kaspersky experts have detected such fraudulent pages in multiple languages, indicating that scammers are actively targeting players across different regions. One notable example is a Portuguese-language website impersonating the official PlayStation storefront.
To create a convincing illusion of legitimacy, the attackers populated it with fabricated five-star reviews, an age rating and a displayed pre-order price. Upon clicking the pre-order button, users are redirected to a registration form requesting their name, email address, phone number, CPF (Cadastro de Pessoas Físicas – a Brazilian individual taxpayer identification number) and other personal information.
From there, the victim is asked to pay by entering bank card details or choosing an alternative payment method. Once the transaction is completed, the user’s personal data and financial credentials are left entirely in the hands of the attackers.

The beta access bait
Malicious activity often relies on a coordinated, multi-channel approach to broaden reach and reinforce credibility.
In one such case, a suspicious website was identified offering what was described as a beta version of the game for download, with the offer framed as a leak. The website was promoted through video platforms and social media, where numerous accounts shared videos purportedly showing how to download the game file “safely”.
To further reinforce credibility, comments posted alongside this content claimed that the download contained a genuine version of the game. Once launched, the file can compromise the user’s device, potentially leading to the theft of sensitive data, unauthorised access to personal accounts or the installation of malware operating silently in the background.

From virtual worlds to virtual wallets
Cryptocurrency users are also being targeted through suspicious, low-reputation websites. In one case, a site was identified promoting a token with a name resembling the game’s title. The page also imitated the game’s visual style and used its logo to create a strong visual association with the game.
Such websites should be treated with extreme caution, as engaging with them may result in the loss of crypto assets.
To enjoy new game releases without worrying about cyberthreats, users are advised to:
- Be cautious with downloads. It is safer to install games and mods only from official sources or reputable websites. Unofficial sources may contain malware.
- Check the authenticity of websites before entering personal data, such as double-checking URL formats and organisation names’ spellings.
- Secure your payment information. Use prepaid cards or a dedicated payment service for gaming purchases to avoid exposing your credit card or bank account information.
- Use a reliable security solution that identifies malicious attachments and blocks phishing links.
- Enable multi-factor authentication and monitor accounts: Activate 2FA on IDs and financial apps and regularly review statements for unauthorised activity.









