Scottish Football Fans Phished
Date: Dec 6, 2016
The Scottish Football Association (SFA) website users have received phishing emails requesting payment for unpaid tickets.
Fans who had signed up to the SFA received the phishing emails from an email address, [email protected], appearing to be registered to the SFA.
The email stated that the recipient had an unpaid bill of £170, due by 7th December, and requested payment by clicking on a (potentially malicious) link in the email.
The list of registered SFA fans was reportedly accessed through the breach of a third party database.
The SFA released a statement on its website, apologising for the mistake. The statement assured fans that though a third party database was breached, no bank or credit card details were shared.
The statement urged “all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed.”
The SFA added, “We have moved to delete this account and the issue has been raised with our suppliers.”
The Scotland Supporters Club tweeted: “Please be aware of a false email being circulated purporting to be from the Supporters Club. Please ignore and delete this email.”
We recommend all organisations roll out Security Awareness Training and Testing to their employees – to keep them safe at work and at home – and ensure all 3rd party suppliers have the necessary safeguards in place – see our Automated Risk Register Service>>