Attackers leveraged the hijacked email account to send phishing emails using a €50 voucher for ticket purchases as a lure that redirected to a spoofed Spa GP website that sought targets’ banking details and other personal information. Such malicious activity was immediately identified by Spa GP, which promptly sent emails warning about the phishing attempt and sought additional security protections from its IT security subcontractor.
Source: SC Magazine