Grand Prix website hacked to send out phishing emails to F1 fans

News
By Craig Hale
published

F1 fans faced with phishing attack consequences

Red Bull Racing's Dutch driver Max Verstappen competes in the F1 Saudi Arabian Grand Prix 2024
(Image credit: GIUSEPPE CACACE/AFP via Getty Images)

The organizers of the 2024 Belgian Grand Prix – one of Formula 1’s most anticipated events – have found themselves grappling with a cybersecurity breach after hackers reportedly infiltrated the official contact email.

On Sunday, March 17, threat actors are said to have broken entry to the email account and initiated a phishing campaign targeting fans eager to attend the prestigious race at the Circuit de Spa-Francorchamps.

The phishing attacks were carried out using a fake €50 gift voucher sent to fans who intend to purchase tickets to the upcoming event, which will be held from July 26 to July 28 2024.

Formula 1 phishing campaign

The link in the email directs unsuspecting victims to a page designed to look like the genuine Spa Grand Prix portal, but the malicious site instead captures confidential and personal information, including payment information.

The race organizers issued warnings to customers within hours of detecting the phishing attempts, but for many, this was too late. The organization also requested that its IT security subcontractor strengthen defenses against future breaches.

One day after the attack, SPA GP also lodged a formal complaint with the Belgian cyber police, with plans to pursue a civil claim.

When TechRadar Pro asked the event organizers to share more information regarding the attack, we were directed to the press release, which concludes with the following message: 

"Finally, SPA GP would like to stress that its website has not been targeted by this fraud and that the official online ticketing service (www.spagrandprix.com) is and will remain entirely secure."

In the meantime, the organization says that the ongoing criminal investigation should make it possible to determine the cause of the attack.

However, amid concerns over compromised data, customers who purchased tickets are being urged to reach out to SPA GP’s secretariat for assistance. More generally, potential victims can take other proactive measures to protect themselves online, such as changing passwords regularly and monitoring accounts for suspicious activity.

More from TechRadar Pro

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!