
Racing Into Danger: Advanced Cyber Threats Targeting Formula 1 Fans and Teams Ahead of the Dutch Grand Prix

Cybercriminals are targeting Formula 1 fans and teams ahead of the Dutch Grand Prix on August 31, 2025, with advanced threats including AI deepfakes impersonating executives, malicious F1 mobile apps, fake hospitality packages, crypto/NFT scams, and telemetry data theft. Fraudsters exploit regulatory gaps and fan demand for tickets, travel, and streaming. CloudSEK urges fans to use official sources and teams to strengthen verification, monitoring, and cybersecurity measures.

Varun Ajmera
August 31, 2025
Green Alert
Last update posted on August 31, 2025

As Formula 1 roars back to life after the summer break with the Dutch Grand Prix on August 31, 2025, cybercriminals are revving up their engines too. While previous research has highlighted traditional ticket scams and phishing campaigns, new threat vectors are emerging that exploit Formula 1's growing digital ecosystem. From sophisticated deepfake attacks targeting team executives to malicious mobile apps and complex hospitality fraud schemes, the cyber threat landscape around F1 is becoming increasingly sophisticated and financially damaging.

The Evolving Threat Landscape: Beyond Traditional Scams

Deepfake CEO Impersonation Attacks

One of the most sophisticated threats facing teams and talent in Formula 1 is deepfakes, where AI-generated audio/video is used to impersonate executives and public figures to drive high‑value fraud or reputational harm.

In July 2024, Ferrari experienced a near-miss with a deepfake scammer who attempted to impersonate CEO Benedetto Vigna. The ruse collapsed only after a personal challenge‑response check about a recent book recommendation.

The exposure is broader than fraud: on August 29, 2025, Motorsport.com reported Toto Wolff acknowledging AI “deepfake porn” using his likeness, underscoring the brand‑abuse and social‑engineering risk surface around high‑profile F1 figures.

To operationalize detection, comms and security teams can triage suspect clips and executive communications through CloudSEK’s community deepfake detection analyzer, which integrates multi‑modal checks (video, audio, facial coherence, texture analysis) to assign a fakeness score.

Pairing such screening with executive verification playbooks (e.g., out-of-band challenge-response, as Ferrari used) materially reduces the likelihood that deepfake-driven social engineering escalates into wire fraud, credential theft, or data exfiltration.

Malicious Formula 1 Mobile Applications

The proliferation of unofficial F1 mobile apps presents a significant mobile malware threat that extends far beyond simple phishing. Security researchers have identified concerning trends in fake F1-related mobile applications.

Common attack patterns include ghost apps - malicious applications that install without visible icons, periodically opening scam webpages; fake F1 game apps - counterfeit versions of official F1 mobile games that contain malware or adware; and unofficial streaming apps - applications claiming to offer free F1 streaming that install persistent malware.

These applications often request excessive permissions during installation, operate as hidden background processes, communicate with remote command-and-control servers, and can download additional malware payloads post-installation. The detection challenge is significant as these applications often don't appear in standard app lists and may only manifest through occasional pop-up advertisements or unwanted browser redirects.
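The traits described above (no visible icon, excessive permissions, hidden background operation) can be checked statically before an app is allowed onto a managed device. The following is an added example, not CloudSEK's code: it assumes the APK's `AndroidManifest.xml` has already been decoded to text XML (for instance with apktool), and the permission list, finding codes and sample manifests are this example's own constructions. A static check cannot see an icon that is hidden at runtime.

```python
import xml.etree.ElementTree as ET  # for untrusted files prefer the third-party defusedxml

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes
# Assumption: what counts as excessive for a streaming or game app is local policy.
SENSITIVE = {"android.permission." + p for p in (
    "READ_SMS", "READ_CONTACTS", "READ_CALL_LOG",
    "SYSTEM_ALERT_WINDOW", "REQUEST_INSTALL_PACKAGES")}

# Constructed sample manifests (hypothetical package names), already decoded to text XML.
GHOST_SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.f1.freestream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Sync"/>
    <receiver android:name=".Boot">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN_SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.f1.timing">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
  </application>
</manifest>"""


def _names(intent_filter, tag):
    """android:name values of the <action> or <category> children of one filter."""
    return {e.get(A + "name") for e in intent_filter.findall(tag)}


def _has_launcher_icon(app):
    """True if an enabled activity or alias has MAIN + LAUNCHER in one intent filter."""
    for comp in app.findall("activity") + app.findall("activity-alias"):
        if comp.get(A + "enabled", "true") == "false":
            continue  # statically disabled components never show an icon
        for f in comp.findall("intent-filter"):
            if ("android.intent.action.MAIN" in _names(f, "action")
                    and "android.intent.category.LAUNCHER" in _names(f, "category")):
                return True
    return False


def triage_manifest(xml_text):
    """Return sorted finding codes for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.findall("uses-permission")}
    findings = {"sensitive-permissions"} if perms & SENSITIVE else set()
    app = root.find("application")
    if app is None:
        return sorted(findings)
    if not _has_launcher_icon(app):
        findings.add("no-launcher-icon")
        if app.findall("service"):
            findings.add("background-service-without-ui")
    boot = any("android.intent.action.BOOT_COMPLETED" in _names(f, "action")
               for r in app.findall("receiver") for f in r.findall("intent-filter"))
    if boot and "android.permission.RECEIVE_BOOT_COMPLETED" in perms:
        findings.add("starts-at-boot")
    return sorted(findings)
```

Calling `triage_manifest(GHOST_SAMPLE)` returns all four finding codes, while `triage_manifest(BENIGN_SAMPLE)` returns an empty list.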

Advanced Hospitality Package Fraud Networks

FIA has repeatedly warned of a coordinated ring of fraudulent hospitality vendors—such as Prive Global Events and Informa Hospitality Group—sending fans convincing emails and letters that misuse FIA/F1 branding to falsely claim authorized seller status for Grand Prix packages. Regulators later linked these firms to connected operations (including Foresea Limited) that collectively swindled customers of well over £1 million before being shut down.

These operations employed sophisticated tactics, including creating professional-looking websites with legitimate design, claiming packages became available due to "last-minute cancellations," offering packages at approximately 50% discount from official prices, collecting VAT payments without proper registration, and maintaining network resilience, where operators quickly establish new entities when one company is shut down.

Red flags identified include company registration dates significantly newer than claimed experience, directors with minimal business experience, registered addresses at residential properties, and no verifiable track record with official F1 hospitality providers.

NFT and Cryptocurrency Exploitation

The intersection of Formula 1's growing involvement with Web3 technologies and NFT partnerships has created new opportunities for sophisticated financial fraud.

Emerging NFT scam types in the F1 context include fake team token launches - counterfeit fan tokens impersonating official team partnerships; rug pull schemes - creating fake F1-themed NFT projects, raising funds, then abandoning investors; sleepminting attacks - creating NFTs that appear to originate from legitimate F1 teams or drivers; and marketplace manipulation - wash trading to artificially inflate prices of F1-themed digital collectibles.

With major crypto brands like Crypto.com, Binance, and others heavily investing in F1 sponsorships, scammers exploit this association to create fraudulent investment opportunities. The Netherlands' new gambling law restrictions on crypto advertising at the Dutch Grand Prix may inadvertently create confusion that scammers can exploit.

Technical Espionage and Data Theft

Telemetry Data Interception and Manipulation

Formula 1’s reliance on real‑time telemetry creates risks beyond typical enterprise IT, including RF jamming of team–driver channels, corruption of sensor-rich data streams from the 300+ sensors on each car, and poisoning of AI-driven strategy models that guide pit windows and tyre choices.

High‑value targets include engine performance traces, aerodynamic efficiency metrics, tyre degradation models, and strategy algorithms, as underscored by the Benjamin Hoyle/Mercedes incident that highlighted the market value of power‑unit and performance data.

These threats should be tied to concrete external precursors and exposures (leaked credentials, exposed telemetry keys, counterfeit dashboards/apps, and adversary chatter) that signal intent and open footholds into telemetry pipelines. Specifically, that means monitoring for leaked API tokens or RF configuration files on forums and paste sites, spoofed “Race Guide” or team portals harvesting logins, and misconfigured cloud buckets, brokers, or VPN gateways tied to telemetry ingestion and viewing, each of which expands the initial‑access surface.

Performing this external digital risk monitoring with CloudSEK’s XVigil to detect these leaks, impersonations, and listings, and then closing the corresponding internet‑facing exposures, directly reduces the initial access vectors into race‑critical telemetry systems and preserves data integrity and competitive advantage.

Supply Chain and Communications Security

Recent incidents highlight vulnerabilities in F1's complex digital supply chain. The Formula 1 governing body, the FIA, disclosed in 2024 that phishing attacks compromised two email accounts, potentially exposing personal data of drivers, team members, and stakeholders across multiple countries.

Key vulnerabilities identified include email systems containing sensitive regulatory information, communication channels between teams and the FIA, data related to driver medical information and safety protocols, and financial and contractual information.

Travel and Accommodation Fraud

Beyond simple ticket fraud, cybercriminals are targeting the entire F1 travel ecosystem. The collapse of Camping F1 Ltd in 2024 left hundreds of fans without accommodation and no possibility of refunds, highlighting vulnerabilities in the F1 travel industry.

Sophisticated travel scams include phantom tour operators - companies that appear legitimate but lack proper licensing or partnerships; dynamic pricing manipulation - using fake scarcity to pressure customers into immediate bookings; and package bundling fraud - offering comprehensive packages where only some components exist.

Protection Strategies and Mitigation

For F1 Teams and Organizations:

  • Implement verification protocols for high-value communications
  • Deploy AI-powered systems to identify deepfake attempts
  • Comprehensively vet all digital service providers
  • Develop specific protocols for motorsport-related cyber incidents

For Fans and Consumers:

  • Only purchase through verified F1 partners
  • Download applications only from official app stores
  • Be skeptical of unsolicited offers, especially time-sensitive ones
  • Use payment methods that offer fraud protection

Advanced Verification Techniques:

  • Confirm bookings through multiple communication channels
  • Verify business registration and trading history
  • Check if companies have legitimate industry connections
  • Avoid direct bank transfers for large purchases

Looking Ahead: The Dutch Grand Prix and Beyond

As Formula 1 prepares for Zandvoort on August 31, 2025, fans should be particularly vigilant about last-minute ticket scams exploiting the race's popularity, accommodation fraud targeting the tight supply in the Netherlands, cryptocurrency-related scams that may exploit regulatory confusion, and fake mobile apps promising exclusive content or streaming access.

The sophistication of cyber threats targeting Formula 1 is evolving as rapidly as the technology powering the sport itself. From AI-powered deepfakes targeting team executives to complex financial fraud networks, the stakes have never been higher. As F1 continues its digital transformation and global expansion, both teams and fans must adapt their security practices to match the sophistication of modern cybercriminals.

The Dutch Grand Prix represents not just a return to racing action but a critical moment to implement enhanced cybersecurity awareness and protection measures across the entire F1 ecosystem. The race may last just over an hour, but the digital threats surrounding it operate around the clock.



Author

Varun Ajmera

Varun Ajmera is a Security Researcher and a key member of the TRIAD team, specializing in uncovering emerging cyber threats and analyzing their impact. With a focus on proactive defense, Varun contributes to enhancing organizational security through in-depth research and actionable insights.
