Gala Tartan Army (Borders) Posted December 5, 2016

Certainly need clarification from SSC as to whether our saved credit card details are safe!

wanderer Posted December 5, 2016

2 minutes ago, Gala Tartan Army (Borders) said:
> Certainly need clarification from SSC as to whether our saved credit card details are safe!

Not a expert, but speaking to a friend who does the IT for his company. He does not think there is anything to be majorly worried about (in terms of your personal details) as details like that should be on a totally different database.

As non-SSC members are getting this, it's more likely that the email server has been hacked and someone has sent out a email to everyone on that database. If there was more personal details to hand, then there would be a more personal feel to the email (fact they have not even bothered to look up a Glasgow number seem to hint this was a rush in and out job).

CNelson Posted December 5, 2016

100%, card and payment details are typically held through the servers of the payments operator. For instance Stripe or Braintree (a PayPal company) will look after the payments and billing side of the operation, whereas the SFA will only have membership details. So to my understanding the payment details will be on a totally different server and this will only be a breach of mailing lists.

OLAS Posted December 5, 2016

1 hour ago, Cove_Sheep said:
> Did you download it?

Yeah. I code javascript for a living. It likely wouldn't work on my operating system anyway.

Alan Posted December 5, 2016

24 minutes ago, MorayCupMan said:
> arite...cheers for that....Im fairly thick regarding this kinda stuff..

Send me your credit card details, postcode and date of birth, wifes maiden name and I'll sort it out for you.

OLAS Posted December 5, 2016

13 minutes ago, wanderer said:
> Not a expert, but speaking to a friend who does the IT for his company. He does not think there is anything to be majorly worried about (in terms of your personal details) as details like that should be on a totally different database. As non-SSC members are getting this, it's more likely that the email server has been hacked and someone has sent out a email to everyone on that database. If there was more personal details to hand, then there would be a more personal feel to the email (fact they have not even bothered to look up a Glasgow number seem to hint this was a rush in and out job).

This sounds about right. Any email from noreply@scottishfa.co.uk via mail173.atl171.mcdlv.net goes through the MailChimp newsletter service. I've checked my archive and none of them contain any personal information - i.e. Hello <Firstname>

That said, it's possible the username and password for MailChimp has been hacked and who knows what other passwords have been taken... and if they're the same for different services such as Stripe or any other payment gateway.

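The header check described in the post above, written out as an added example that is not part of the original thread: it compares the visible From domain with the envelope sender and the relay host in the topmost Received header. The sample message is constructed, and the `mcdlv.net` to MailChimp mapping is taken from the post as an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, NOT the real scam email. The From address and relay
# hostname are the ones quoted in the post; everything else is made up.
SAMPLE = """\
Return-Path: <bounce-0000@mail173.atl171.mcdlv.net>
Received: from mail173.atl171.mcdlv.net (mail173.atl171.mcdlv.net [192.0.2.10])
\tby mx.example.org with ESMTP id abc123; Mon, 5 Dec 2016 09:01:12 +0000
From: Scottish FA <noreply@scottishfa.co.uk>
To: fan@example.org
Subject: Invoice

Dear Customer
"""

# Relay suffix -> service, per the post (assumed mapping, extend as needed).
KNOWN_RELAYS = {"mcdlv.net": "MailChimp"}

def under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def analyse(raw):
    msg = message_from_string(raw)
    # Domain the reader sees in the From line.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Envelope sender domain, recorded by the receiving server.
    bounce = msg.get("Return-Path", "").strip().strip("<>")
    envelope_domain = bounce.rpartition("@")[2].lower()
    # Topmost Received header is the one added by the recipient's own server.
    received = (msg.get_all("Received") or [""])[0]
    m = re.search(r"from\s+([\w.-]+)", received)
    relay = m.group(1).lower() if m else ""
    service = next((n for s, n in KNOWN_RELAYS.items() if under(relay, s)), None)
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "relay_host": relay,
        "service": service,
        # False means the visible sender and the real sending path differ.
        "aligned": under(envelope_domain, from_domain),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Mail sent from a compromised newsletter account travels this same path, so the check identifies the sending service rather than proving a message is genuine.
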
theweestevie Posted December 5, 2016

We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA. The email asks recipients to click a link where they can pay an outstanding bill.

This has occurred due to a third-party email database being compromised. We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed.

We would like to assure all supporters that no bank or credit card details have been shared. We have moved to delete this account and the issue has been raised with our suppliers. We will provide an update in early course.

http://www.scottishfa.co.uk/scottish_fa_news.cfm?page=2986&newsID=16673&newsCategoryID=1

deecie Posted December 5, 2016

17 minutes ago, theweestevie said:
> We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA. The email asks recipients to click a link where they can pay an outstanding bill. This has occurred due to a third-party email database being compromised. We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed. We would like to assure all supporters that no bank or credit card details have been shared. We have moved to delete this account and the issue has been raised with our suppliers. We will provide an update in early course.
>
> http://www.scottishfa.co.uk/scottish_fa_news.cfm?page=2986&newsID=16673&newsCategoryID=1

Have ATAC issued an apology yet?

kumnio Posted December 5, 2016

2 minutes ago, deecie said:
> Have ATAC issued an apology yet?

They have said its the fans fault for having an email address.

RenfrewBlue Posted December 5, 2016

24 minutes ago, OLAS said:
> This sounds about right. Any email from noreply@scottishfa.co.uk via mail173.atl171.mcdlv.net goes through the MailChimp newsletter service. I've checked my archive and none of them contain any personal information - i.e. Hello <Firstname>
>
> That said, it's possible the username and password for MailChimp has been hacked and who knows what other passwords have been taken... and if they're the same for different services such as Stripe or any other payment gateway.

It will depend on the SFA and what financial details they've chosen to hold themselves. To do that they need to pass a fairly stringent audit and specific rules around storage etc. I'd guess they've just contracted that stuff out to their payment service provider. These types of companies are normally far more secure than places like the SFA.

I'll see if I can dig out the stuff I did years ago when doing this for Scottish Water.

OLAS Posted December 5, 2016

> This has occurred due to a third-party email database being compromised.

MailChimp hasn't been hacked... https://twitter.com/search?f=tweets&vertical=default&q=mailchimp&src=typd

SFA seem to be shifting the blame. Regan has likely been looking at amputee midget porn and had his computer compromised and passwords snatched, which was then used on MailChimp to send out this email to every subscriber.

Shed_Tartan_Army_Yeah Posted December 5, 2016

http://www.bbc.co.uk/news/uk-scotland-glasgow-west-38205992

Thousands of football fans were sent a scam email asking them to pay a bill after a Scottish Football Association database was apparently hacked.

An invoice for £170 was sent to subscribers to the Scotland National Team mailing list just after 09:00.

The email - addressed "Dear Customer" - provided a link for payment, which was a disguised website address.

The SFA said a third-party email database had been compromised and urged recipients to delete the email.

Its statement said: "We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA."

It recommended that anyone who may have opened it run a security check on their computer to ensure no malware had been installed.

Virus fears

It said: "We would like to assure all supporters that no bank or credit card details have been shared.

"We have moved to delete this account and the issue has been raised with our suppliers.

"We will provide an update in early course."

Fans on message boards suggested that clicking on the link within the scam email could infect computers with a virus and leave them out of pocket.

The email contained links identical to those sent on official communications to supporters and were signed off as being from the "Accounts Department" of the Scotland Supporters Club.

The group - which gives members access to away tickets for Scotland matches - currently has 29,231 members.

aaid Posted December 5, 2016

8 minutes ago, OLAS said:
> MailChimp hasn't been hacked... https://twitter.com/search?f=tweets&vertical=default&q=mailchimp&src=typd
>
> SFA seem to be shifting the blame. Regan has likely been looking at amputee midget porn and had his computer compromised and passwords snatched, which was then used on MailChimp to send out this email to every subscriber.

More likely they just guessed his password was 1luvGord0n

scoobydoo Posted December 5, 2016

1 hour ago, theweestevie said:
> This has occurred due to a third-party email database being compromised.

I'd be more concerned about this. Who are the SFA selling your information to?

scoobydoo Posted December 5, 2016

54 minutes ago, kumnio said:
> They have said its the fans fault for having an email address.

and the audacity to actually open an email sent to them.

CNelson Posted December 5, 2016

1 minute ago, scoobydoo said:
> I'd be more concerned about this. Who are the SFA selling your information to?

Mailchimp, just an application for sending out emails to their mailing list. Not selling as such but Mailchimp stores your mailing list and makes it easy for you to send out campaign emails.

scoobydoo Posted December 5, 2016 (edited)

2 minutes ago, CNelson said:
> Mailchimp, just an application for sending out emails to their mailing list. Not selling as such but Mailchimp stores your mailing list and makes it easy for you to send out campaign emails.

yeah, I'm believing that the caring SFA will only sell your info to an email sharing outfit.

That Regan looks like he'd be into donkey porn too. A definite no-righter.

Edited December 5, 2016 by scoobydoo

Chesney TA Posted December 5, 2016

1 hour ago, wanderer said:
> Not a expert, but speaking to a friend who does the IT for his company. He does not think there is anything to be majorly worried about (in terms of your personal details) as details like that should be on a totally different database. As non-SSC members are getting this, it's more likely that the email server has been hacked and someone has sent out a email to everyone on that database. If there was more personal details to hand, then there would be a more personal feel to the email (fact they have not even bothered to look up a Glasgow number seem to hint this was a rush in and out job).

"Not a expert"

You should prefix all of your posts with that.

KirkieRobRoy Posted December 5, 2016

I got two purporting to be the SSC and one the SFA. As long as you don't click on the link you should be OK. On Outlook you can choose to 'report as phishing scam'.

dandydunn Posted December 5, 2016

How do I get my money back? Looks like I'm the only one to fall for it.

Ally Bongo Posted December 5, 2016

13 minutes ago, dandydunn said:
> How do I get my money back? Looks like I'm the only one to fall for it.

PM me your bank card number, expiry date and 3 digit security number and i'll ensure my contact at the SFA transfers the money to you ...

DOUBLE A Posted December 5, 2016

34 minutes ago, dandydunn said:
> How do I get my money back? Looks like I'm the only one to fall for it.

Think Ally Bongo is trying to scam you so

PM me your bank card number, expiry date and 3 digit security number and i'll ensure my contact at the SFA transfers the money to you ...

Parklife Posted December 5, 2016

1 hour ago, scoobydoo said:
> That Regan looks like he'd be into donkey porn too. A definite no-righter.

Is donkey porn donkeys shagging each other, donkeys shagging people, or people shagging donkeys? Asking for a friend.

1 hour ago, Chesney TA said:
> "Not a expert" You should prefix all of your posts with that.

Alan Posted December 5, 2016

Where's the email scam "perty"? to celebrate this? Still tickets going?

Ally Bongo Posted December 5, 2016

Mailchimp sounds quite racist