Hackers are launching phishing attacks on Formula 1 (F1) fans after hijacking the official email account of one of the most infamous Grand Prix events in the world – Spa.
On 17 March 2024, threat actors gained unauthorised access to the official contact email account of the Belgium-based Circuit de Spa-Francorchamps, home of an infamous Grand Prix held as part of the Formula 1 World Championship on one of the most notorious tracks in the world.
According to a press release from Spa, the threat actor who gained control of the email then began contacting F1 fans with phishing emails containing a link to a fake site that promised €50 vouchers for purchasing tickets for the F1 Grand Prix.
The fake website mimicked the design language of the official Spa Grand Prix website but asked victims for personal details such as banking information.
Phishing emails are often difficult, but not impossible, to spot. A big hint as to whether an email is official or a scam is the sender's address: scammers often use lookalike addresses, adding extra letters, changing the spelling, or creating official-sounding names.
However, when the email comes from the official address of a trusted institution, one that can be verified as legitimate through a Google search or other means, it is considerably harder to distinguish an attack from a legitimate message. Other detection methods include analysing the language and formatting of the email and checking for links that promise incentives. Users could also have searched the official Spa GP site for the voucher deal to verify its legitimacy.
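The two checks described above can be sketched as a mail-filter rule. This is an added example, not code from the article or from Spa GP; the domain `circuit.example`, the sample messages and the 0.8 similarity threshold are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "circuit.example"  # constructed placeholder, not the real Spa GP domain

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def same_site(host, domain):
    # Exact match or a true subdomain; "circuit-vouchers.example" does not qualify.
    return host == domain or host.endswith("." + domain)

def assess(raw, trusted=TRUSTED_DOMAIN):
    """Return a list of findings for one raw single-part HTML message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    findings = []
    # Check 1: sender address. Catches lookalikes, but not a hijacked real account.
    if sender_domain != trusted:
        ratio = difflib.SequenceMatcher(None, sender_domain, trusted).ratio()
        findings.append("lookalike-sender" if ratio >= 0.8 else "unknown-sender")
    # Check 2: link destinations. Still fires when the sender is genuine.
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    for host in parser.hosts:
        if not same_site(host, trusted):
            findings.append("off-site-link:" + host)
    return findings

def build(sender, href):
    # Constructed sample message builder for the three cases below.
    return ("From: Circuit <%s>\nSubject: Ticket voucher\n"
            "Content-Type: text/html\n\n"
            '<p>Claim your voucher <a href="%s">here</a></p>' % (sender, href))

HIJACKED = build("contact@circuit.example", "https://circuit-vouchers.example/claim")
LOOKALIKE = build("contact@circuitt.example", "https://circuitt.example/claim")
LEGIT = build("contact@circuit.example", "https://www.circuit.example/tickets")

if __name__ == "__main__":
    for name, raw in (("hijacked", HIJACKED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, assess(raw))
```

The hijacked-account case passes the sender check and is flagged only by the link check, which is why the sender address alone cannot be relied on.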
The Spa GP added that it sent an alert to its customers within hours of the scam, advising them that the email was fake and the link was not to be clicked.
“In addition, SPA GP immediately did everything possible to put an end to this situation,” the press release said, translated from French to English by Google.
“Its subcontractor in charge of IT security was also invited without delay to take all necessary measures to ensure that this type of situation does not happen again.
“SPA GP’s top priority is to ensure the ongoing confidentiality and integrity of its data processing systems and services.”
On 18 March, the day after the phishing scam was launched and customers were subsequently notified, Spa GP filed a complaint for computer forgery with cyber crime authorities and said that within days it will assist in an investigation as to how the breach occurred.
“The ongoing criminal investigation should make it possible to determine the causes and circumstances which led to this situation. It is therefore appropriate for the moment to let justice do its work while respecting the secrecy of the investigation.”