cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Famous Spa GP F1 race comms hijacked by phishing scammers

Hackers are launching phishing attacks on Formula 1 (F1) fans after hijacking the official email account of one of the most infamous Grand Prix events in the world – Spa.

user icon Daniel Croft
Thu, 21 Mar 2024
Famous Spa GP F1 race comms hijacked by phishing scammers
expand image

On 17 March 2024, threat actors gained unauthorised access to the official contact email account of the Belgium based Circuit de Spa-Francorchamps, an infamous Grand Prix held as part of the Formula 1 World Championship on one of the most notorious tracks in the world.

According to a press release from Spa, the threat actor who gained control of the email then began contacting F1 fans with phishing emails containing a link to a fake site that promised €50 vouchers for purchasing tickets for the F1 Grand Prix.

The fake website mimicked the design language of the official Spa Grand Prix website but asked victims for personal details such as banking information.


Phishing emails are often difficult but possible to spot, with a big hint as to whether an email is official or a scam being the email address used. Scammers often use very similar email addresses by adding additional letters or changing spelling or creating official-sounding addresses.

However, when an email used is the official email of a trusted institution that can be verified as legitimate through a Google search or other means, it is considerably harder to distinguish an attack from a legitimate email. Other methods of detection are analysis of the language and formatting of the email and the use of links that promise incentives. Users could have also searched the official Spa GP site for the voucher deal to verify its legitimacy.

The Spa GP added that it sent an alert to its customers within hours of the scam, advising them that the email was fake and the link was not to be clicked.

“In addition, SPA GP immediately did everything possible to put an end to this situation,” the press release said, translated from French to English by Google.

“Its subcontractor in charge of IT security was also invited without delay to take all necessary measures to ensure that this type of situation does not happen again.

“SPA GP’s top priority is to ensure the ongoing confidentiality and integrity of its data processing systems and services.”

On 18 March, the day after the phishing scam was launched and customers were subsequently notified, Spa GP filed a complaint for computer forgery with cyber crime authorities and said that within days it will assist in an investigation as to how the breach occurred.

“The ongoing criminal investigation should make it possible to determine the causes and circumstances which led to this situation. It is therefore appropriate for the moment to let justice do its work while respecting the secrecy of the investigation.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.