Hackers Phish Belgian Grand Prix Fans With Fake Voucher
Organizers of the Belgian Grand Prix have reported a cybersecurity incident in which hackers sent phishing emails through a compromised official email account. The intent was to mislead fans using a fake €50 voucher offer, leading them onto a phishing website.
As per the organizers' official statement, the incident occurred on March 17, 2024, when unauthorized actors gained access to SPA GRAND PRIX's official email (info@spagrandprix.com). The hackers then started sending fraudulent emails to an undisclosed number of unsuspecting recipients from the official address.
These emails promised a €50 voucher reward for purchasing a F1 Grand Prix ticket. An embedded link directed victims to a counterfeit website that mimicked the official site, where users were tricked into handing over their personal and banking information.
SPA GRAND PRIX reacted swiftly, alerting its customers of the scam within hours. The organization has since tasked its IT security subcontractor to bolster cybersecurity measures.
The very next day, on 18th March, SPA GRAND PRIX filed a complaint with the Belgian cybercrime police. They also plan to pursue legal action by filing a civil claim.
Not much is known yet about how SPA GP’s official email address was initially compromised. However, a statement by SPA GP reads: “The ongoing criminal investigation should make it possible to determine the causes and circumstances which led to this situation.”
According to BleepingComputer, SPA GP has also not yet confirmed the number of impacted individuals or whether any other information besides email addresses has been compromised.
SPA GRAND PRIX urges those potentially impacted by the incident to exercise patience. But they also encourage customers to contact the organization’s secretariat with any concerns.
This unfortunate event is one of many in a worrying trend of rising phishing attacks across the globe. With users having to already deal with cybercriminals using AI to generate convincing phishing emails, the takeover of an official email account makes it even harder to discern fraud from truth.
Please, comment on how to improve this article. Your feedback matters!