
Classic Football Shirts’ customers targeted following cyber attack

⚽️ Classic Football Shirts (CFS) have warned their customers about phishing emails offering discounts and cashback on their orders. It follows a reported cyber attack that led to a breach of customer data at a third party.

⚽️ The company, which sells retro football shirts, offers “sincere apologies” to customers after it appears there may have been a data breach at one of the company’s suppliers. Their 9th July 2021 statement posted on Twitter reads: “after further analysis are confident that the data was accessed from one of our third party provider’s systems which sits outside of our own systems and we believe this took place within the last few weeks since the scam website was created on the 25th June 2021.”

⚽️  Screenshot below is taken from the @classicshirts Twitter account:

[Image: Classic Football Shirts breach notice on Twitter]

What information was stolen in the Classic Football Shirts cyber attack?

⚽️ Customer order information, including order ID, name, email address and postal address, was accessed in the Classic Football Shirts cyber attack. The scammers then used the data obtained in the breach to craft convincing phishing emails that encourage customers to provide bank details to receive cashback on their orders. The BBC has reported that victims claim huge sums have been taken from their bank accounts after falling for the phishing email.

⚽️ Screenshot of the phishing email included below, taken from BBC News website:

[Image: Classic Football Shirts phishing scam email with discount offer]

⚽️ The scammers have put a lot of effort into this one. They’ve even used an email address that is just one character different to the legitimate Classic Football Shirts email address:

Legitimate email domain:

@classicfootballshirts.co.uk

Scammer email domain:

@classicsfootballshirts.co.uk

Notice the extra ‘s’??? 👀

Tactics used in the Classic Football Shirts phishing emails

⚽️ To encourage clicks, the scammers have also used these tactics to build trust and increase the likelihood of someone becoming a victim of the phishing scam:

  • included the customer’s name
  • email sent following a purchase
  • urgency as the promotion only lasts 3 days
  • offering a prize
  • Classic Football Shirts email signature

What to do if you’ve received a Classic Football Shirts phishing email

⚽️ If you’ve received a scam phishing email, do not click the links. You should block the sender’s email address and delete the email. If you’ve clicked a link in a phishing email and provided your personal or bank details, contact your bank immediately to let them know. You should also report this to Action Fraud. Remember to be vigilant for further phishing emails that may be targeted at you, using the information stolen in this attack.

⚽️ Report scam emails by forwarding them to report@phishing.gov.uk.