Belgian Grand Prix organizer Spa Grand Prix had its official email account compromised by threat actors in a phishing campaign, BleepingComputer reports.
Attackers leveraged the hijacked email account to send phishing emails using a €50 voucher for ticket purchases as a lure that redirected to a spoofed Spa GP website that sought targets' banking details and other personal information. Such malicious activity was immediately identified by Spa GP, which promptly sent emails warning about the phishing attempt and sought additional security protections from its IT security subcontractor. While no details regarding the extent of the intrusion were provided, Spa GP stressed that its website and ticketing system were not affected. "The criminal investigation currently underway should make it possible to determine the causes and circumstances that led to this situation. For the time being, therefore, we must let the courts do their work while respecting the confidentiality of the investigation," said Spa Grand Prix.
