14 DAY TRIAL // The Scottish Football Association has just confirmed that “a third-party email database” was compromised by hackers, who managed to access subscriber emails and send spam that included malware.
The emails were titled “Dear Customer” and included what the attackers claimed to be an invoice that needed to be paid within 48 hours. When clicking the link to the invoice, however, users were prompted to download a file that was infected with an undisclosed form of malware, compromising their computers.
The Scottish Football Association explained on Twitter that users should delete the emails as soon as they land in their inbox, adding in a statement on its official website that no information was compromised and no user details were stolen.
“We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed. We would like to assure all supporters that no bank or credit card details have been shared,” the Scottish FA said.
“We have moved to delete this account and the issue has been raised with our suppliers. We will provide an update in early course.”
Attacks coming from China?
Although the Scottish FA says it’s still investigating the breach, the Scottish Football Supporters Associations claims it has information indicating that the attack was launched from Chinese servers.
In a tweet posted a few hours after the breach, the supporters association points out that some accounts were hacked, leading to the spam campaign targeting all subscribers.
“It looks like the @ScottishFA fans membership accounts have been hacked – source code from China. We have written to them to ask for info!” the tweet reads.
Users who received the emails from the SFA and clicked on the included attachments are recommended to install antivirus software and scan for possible malware on their computers.