Scottish Football Association apologises after database 'hack' sends fans £170 invoice spam
All emails were spoofed to look like official emails from the SFA accounts department.
The Scottish Football Association (SFA) has been forced to issue an apology after thousands of fans signed up its official mailing list were sent malware-ridden spam emails.
On the morning of 5 December, numerous subscribers reported receiving an email titled 'Dear Customer' that was demanding an invoice for £170 be paid within 48 hours. The phishing email included a link for payment which reportedly contained a malicious file disguised as a website link.
A number of coaches also received a similar email purporting to be from the SFA department that manages training courses, the Daily Record said.
All emails were spoofed to look like official messages and signed as being from the 'Accounts Department' of the Scotland Supporters Club.
In response to complaints from those who had received the email, the Association issued an update via Twitter warning fans to ignore and delete the message. "Please be aware of a false email being circulated purporting to be from the Supporters Club," it said.
On its website, an official statement said: "We would like to apologise to those who have received a spam email this morning purporting to be from the Scottish FA. The email asks recipients to click a link where they can pay an outstanding bill.
"We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed.
"We would like to assure all supporters that no bank or credit card details have been shared. We have moved to delete this account and the issue has been raised with our suppliers." It added that a further update would be provided as soon as possible.
In a strange turn, a separate fan group called the Scottish Football Supporters Association, blamed the problems on China. It tweeted: It looks like the @ScottishFA fans membership accounts have been hacked – source code from China. We have written to them to ask for info!"
The email to the official association, published by the Daily Record, allegedly said: "I wanted you to be aware that we have had many of our members have contacted us regarding the invoices coming for the SFA. This looks like a serious security breach and that a source in China (from what we can see of the source code) has access to the Scotland Supporters Membership database."
© Copyright IBTimes 2024. All rights reserved.