VMA reports cyberattack

The Venue Management Association [Asia and Pacific] has reported that it has experienced a cyberattack targeting its email systems.

In a communication to members it advises “we have successfully resolved the immediate threat and are continuing to work through a thorough investigation of the incident. Our priority remains the security and trust of our members, and we are committed to maintaining open communication throughout this process.

“Following the completion of our investigation, we will implement a comprehensive action plan to further secure our systems and ensure the continued protection of member data.”

Having been alerted to the cyberattack, the VMA noted “we want to extend our sincere thanks to all members who proactively reached out to notify us after receiving suspicious emails appearing to originate from our accounts. Your vigilance played a crucial role in helping us respond swiftly to this situation.

“Thank you for your understanding and continued support as we work to strengthen our cybersecurity measures.

“We recommend that all venues remain vigilant about the continuous presence of cybersecurity threats. This is a topic we will have a focus on at Congress this May.”

EVANZ ‘scam alert’
The Entertainment Venues Association of New Zealand (EVANZ) has issued a ‘scam alert’, advising “please be very careful - several members have alerted us to a scam offering to sell delegate data from our conference in Auckland last year. This is in no way endorsed by EVANZ.”

Having also received the scam email, Australasian Leisure Management Publisher, Nigel Benton commented “this is a common scam in the events industry where emails are sent to companies offering to sell an ‘attendee list’ with a common theme.”

Benton notes that:

• The scammers gather publicly available information to look more legitimate

• They claim to have the attendee list from a specific show, list the demographic information they will share, sometimes indicate a fake number of contacts in the list, and offer to send pricing information

• These emails are sent from a legitimate-sounding domain name, but they are not real people and do not have a live website. They use multiple domains for prospecting to get around spam filters

• They usually target general email accounts, e.g. hello@ marketing@ email accounts.

Editor's note: In the 2023 financial year, the Australian Cyber Security Centre (ACSC) received approximately 94,000 cybercrime reports, up from 76,000 the previous year. Additionally, the Australian Government revealed the average cost of cybercrime per report rose by 14% from 2021/22, to $71,600 for large businesses, $97,200 for mid-size businesses and $46,000 for small businesses.

Images: There is a growing threat of cyber-attack to businesses and organisations across the leisure industry (top, credit: Shutterstock) and an email offering data from the EVANZ Conference (below).