Topical hacking

Let’s roll back a week, to when everything was rosy in the English garden – well, at least in terms of football. The nation was on a high, as victory over Denmark in the European Championships Semi-Final meant the country would take on Italy for the right to be proclaimed Champion of Europe. Talk was of trying to find tickets and replica shirts, both as rare as an England appearance in the final itself.

With little chance of finding a current replica shirt, unless you were a politician, where it seemed you only had to stand in front of a camera to get a “box fresh” one, complete with creases, fans looked at the next best thing and went retro. Like any sporting side, England has had a fair few terrible kit designs over the years, mixed in with a few design classics. Thankfully, most of the latter (and some of the former) have been produced again and sold through websites over the last few years. In fact, the retro sporting shirt market is probably as strong today as it ever has been, with many fans shunning the incredibly expensive new shirts and preferring the look of bygone days.

One company that has been providing these retro shirts for many years is Classic Football Shirts. They offer a fantastic range of replica shirts (over 30,000 different shirts) at decent prices, and are an example of a small business that has found its niche and become quite big (remember my adage of “Get Big, Get Niche or Get Out”? Here’s an example of how being niche can lead to growing big). With the whole nation gripped by football fever, what better time to buy a retro shirt?

Sensing the demand out there, as if by magic, emails started appearing in inboxes from the company, offering customers 15% cash back on previous orders – what a fantastic gesture. Except they weren’t from Classic Football Shirts. The emails looked like they were, but there were some tell-tale signs that they weren’t. They were phishing attempts, looking to cash in on the football euphoria and the short supply of replica England shirts.

The domain in the sender’s email address had an extra “s” in it – classicsfootballshirts.co.uk – a domain name that was registered on the 25th June and that, at first glance, doesn’t raise any red flags. The email itself contained poor grammar, which should have been a warning sign of a scam, but for many customers, not based in the UK or perhaps not fluent in English, it was an offer too good to miss. All they needed to do was click on a link in the email and complete the form to get their 15% cash back.

The firm reacted quickly when it became aware of the issue (within 30 minutes of emails being received by customers), promising an immediate investigation. They took the correct course of action in contacting the authorities and informing customers of the situation. What is clear is this was a very deliberate and targeted attack, with the fraudsters taking advantage of the footballing euphoria in the country. The domain name still appears to be registered although any website attached to it has been removed.

Whilst there are still ongoing investigations into the source of the attack and what data was used by the scammers, it is a timely reminder to all of us to take a moment to check any similar offers that appear too good to be true. In this case, ask yourself why the company would simply be giving free money away rather than, for instance, discounting future orders. It doesn’t matter how small or big an organisation is – one of its core objectives is to make money, and giving it away is contrary to that strategy.

A week on and we are all footballed out. The bunting has come down, the wallcharts have been put away and those little flags you attach to the windows of your car lie discarded on roads up and down the country. Security incidents like this remind us that no firm is safe from the eyes of the fraudsters and that we, as consumers, need to be cautious about any too-good-to-be-true offers we receive. In doing so, we all become part of the solution rather than the growing problem of online fraud.
