Scottish FA Apologizes After Fans are Phished

Scottish football fans have been targeted by a highly convincing phishing scam.

On Monday, the Scottish Football Association (SFA) was forced to apologize to those receiving the spam email purporting to come from the SFA.

It appears as if hackers managed to infiltrate a database to harvest the email records of the association’s Scotland Supporters Club members.

The email they then sent out requests that the recipient pay the attached invoice of £170, due on 7 December.

Although the email is highly convincing, as the Supporters Club arranges ticketing for away match days, and is written in flawless English, the telephone number given at the bottom doesn’t exist, as many fans have spotted.

It’s unclear whether the ‘payment link’ in the email leads to malware or a traditional credential harvesting page, but users are advised not to click through.

The Scottish FA statement had the following:

“The email asks recipients to click a link where they can pay an outstanding bill.

This has occurred due to a third-party email database being compromised.

We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed.

We would like to assure all supporters that no bank or credit card details have been shared.

We have moved to delete this account and the issue has been raised with our suppliers.”

It’s not clear how many were affected by the scam, but the Scotland Supporters Club has over 29,000 members, according to the BBC.

Jamie Graves, CEO at ZoneFox, argued that attacks like this “often happen stealthily and wreak havoc rapidly.

"This incident is another wake-up call to companies to become more alert to such breaches and realize that it could happen to anyone,” he added. “This breach highlights the importance of educating all staff to secure their systems, spot an attempt to gain information from them, and to ensure that wherever they are storing this data is locked down tight."

What’s Hot on Infosecurity Magazine?