Email from SFA - DO NOT OPEN! - Page 4 - TA specific - Tartan Army Message Board

Email from SFA - DO NOT OPEN!


killiesons

2 minutes ago, Gala Tartan Army (Borders) said:

Certainly need clarification from SSC as to whether our saved credit card details are safe!

Not a expert, but speaking to a friend who does the IT for his company.

He does not think there is anything to be majorly worried about (in terms of your personal details) as details like that should be on a totally different database. As non-SSC members are getting this, it's more likely that the email server has been hacked and someone has sent out an email to everyone on that database.

If there were more personal details to hand, then there would be a more personal feel to the email (fact they have not even bothered to look up a Glasgow number seems to hint this was a rush in and out job).

Link to comment

100%, card and payment details are typically held through the servers of the payments operator. For instance Stripe or Braintree (a PayPal company) will look after the payments and billing side of the operation, whereas the SFA will only have membership details. So to my understanding the payment details will be on a totally different server and this will only be a breach of mailing lists.

Link to comment

24 minutes ago, MorayCupMan said:

arite...cheers for that....I'm fairly thick regarding this kinda stuff..

Send me your credit card details, postcode and date of birth, wife's maiden name and I'll sort it out for you.

Link to comment

13 minutes ago, wanderer said:

Not a expert, but speaking to a friend who does the IT for his company.

He does not think there is anything to be majorly worried about (in terms of your personal details) as details like that should be on a totally different database. As non-SSC members are getting this, it's more likely that the email server has been hacked and someone has sent out an email to everyone on that database.

If there were more personal details to hand, then there would be a more personal feel to the email (fact they have not even bothered to look up a Glasgow number seems to hint this was a rush in and out job).

This sounds about right. Any email from noreply@scottishfa.co.uk via mail173.atl171.mcdlv.net goes through the MailChimp newsletter service. I've checked my archive and none of them contain any personal information - i.e. Hello <Firstname>

That said, it's possible the username and password for MailChimp has been hacked and who knows what other passwords have been taken... and if they're the same for different services such as Stripe or any other payment gateway.

Link to comment

We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA.

The email asks recipients to click a link where they can pay an outstanding bill.

This has occurred due to a third-party email database being compromised.

We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed.

We would like to assure all supporters that no bank or credit card details have been shared.

We have moved to delete this account and the issue has been raised with our suppliers.

We will provide an update in early course.

 

http://www.scottishfa.co.uk/scottish_fa_news.cfm?page=2986&newsID=16673&newsCategoryID=1

Link to comment

17 minutes ago, theweestevie said:

We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA.

The email asks recipients to click a link where they can pay an outstanding bill.

This has occurred due to a third-party email database being compromised.

We urge all recipients to delete the email immediately and recommend that anyone who may have opened it run a security check on their computer to ensure no malware has been installed.

We would like to assure all supporters that no bank or credit card details have been shared.

We have moved to delete this account and the issue has been raised with our suppliers.

We will provide an update in early course.

 

http://www.scottishfa.co.uk/scottish_fa_news.cfm?page=2986&newsID=16673&newsCategoryID=1

Have ATAC issued an apology yet?

Link to comment

24 minutes ago, OLAS said:

This sounds about right. Any email from noreply@scottishfa.co.uk via mail173.atl171.mcdlv.net goes through the MailChimp newsletter service. I've checked my archive and none of them contain any personal information - i.e. Hello <Firstname>

That said, it's possible the username and password for MailChimp has been hacked and who knows what other passwords have been taken... and if they're the same for different services such as Stripe or any other payment gateway.

It will depend on the SFA and what financial details they've chosen to hold themselves. To do that they need to pass a fairly stringent audit and specific rules around storage etc.

I'd guess they've just contracted that stuff out to their payment service provider. These types of companies are normally far more secure than places like the SFA. 

I'll see if I can dig out the stuff I did years ago when doing this for Scottish Water. 

Link to comment

This has occurred due to a third-party email database being compromised.

MailChimp hasn't been hacked... https://twitter.com/search?f=tweets&vertical=default&q=mailchimp&src=typd

SFA seem to be shifting the blame.   Regan has likely been looking at amputee midget porn and had his computer compromised and passwords snatched, which was then used on MailChimp to send out this email to every subscriber. 

Link to comment

http://www.bbc.co.uk/news/uk-scotland-glasgow-west-38205992

 

Thousands of football fans were sent a scam email asking them to pay a bill after a Scottish Football Association database was apparently hacked.

An invoice for £170 was sent to subscribers to the Scotland National Team mailing list just after 09:00.

The email - addressed "Dear Customer" - provided a link for payment, which was a disguised website address.

The SFA said a third-party email database had been compromised and urged recipients to delete the email.

Its statement said: "We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA."

It recommended that anyone who may have opened it run a security check on their computer to ensure no malware had been installed.

Virus fears

It said: "We would like to assure all supporters that no bank or credit card details have been shared.

"We have moved to delete this account and the issue has been raised with our suppliers.

"We will provide an update in early course."

Fans on message boards suggested that clicking on the link within the scam email could infect computers with a virus and leave them out of pocket.

The email contained links identical to those sent on official communications to supporters and were signed off as being from the "Accounts Department" of the Scotland Supporters Club.

The group - which gives members access to away tickets for Scotland matches - currently has 29,231 members.

Link to comment

8 minutes ago, OLAS said:

 

 

MailChimp hasn't been hacked... https://twitter.com/search?f=tweets&vertical=default&q=mailchimp&src=typd

SFA seem to be shifting the blame.   Regan has likely been looking at amputee midget porn and had his computer compromised and passwords snatched, which was then used on MailChimp to send out this email to every subscriber. 

More likely they just guessed his password was 1luvGord0n

Link to comment

1 minute ago, scoobydoo said:

I'd be more concerned about this. Who are the SFA selling your information to?

Mailchimp, just an application for sending out emails to their mailing list. Not selling as such but Mailchimp stores your mailing list and makes it easy for you to send out campaign emails.

Link to comment

2 minutes ago, CNelson said:

Mailchimp, just an application for sending out emails to their mailing list. Not selling as such but Mailchimp stores your mailing list and makes it easy for you to send out campaign emails.

yeah, I'm believing that the caring SFA will only sell your info to an email sharing outfit.

 

That Regan looks like he'd be into donkey porn too. A definite no-righter.

Edited by scoobydoo
Link to comment

1 hour ago, wanderer said:

Not a expert, but speaking to a friend who does the IT for his company.

He does not think there is anything to be majorly worried about (in terms of your personal details) as details like that should be on a totally different database. As non-SSC members are getting this, it's more likely that the email server has been hacked and someone has sent out an email to everyone on that database.

If there were more personal details to hand, then there would be a more personal feel to the email (fact they have not even bothered to look up a Glasgow number seems to hint this was a rush in and out job).

"Not a expert"

You should prefix all of your posts with that.

Link to comment

13 minutes ago, dandydunn said:

How do I get my money back?

Looks like I'm the only one to fall for it. 

PM me your bank card number, expiry date and 3 digit security number and I'll ensure my contact at the SFA transfers the money to you ...

Link to comment

34 minutes ago, dandydunn said:

How do I get my money back?

Looks like I'm the only one to fall for it. 

Think Ally Bongo is trying to scam you so 

 

 

PM me your bank card number, expiry date and 3 digit security number and I'll ensure my contact at the SFA transfers the money to you ...

Link to comment

1 hour ago, scoobydoo said:

That Regan looks like he'd be into donkey porn too. A definite no-righter.

Is donkey porn donkeys shagging each other, donkeys shagging people, or people shagging donkeys? Asking for a friend.

1 hour ago, Chesney TA said:

"Not a expert"

You should prefix all of your posts with that.

:lol: 

Link to comment