Thursday 23 July 2020 18:00, UK
Football clubs have been urged to review their cyber security before this summer's transfer window after a Premier League club nearly lost £1m in a hacked deal.
The National Cyber Security Centre has praised the club after it shared details of the 'spear phishing' attack in a new report on the cyber threat to sports organisations.
The club director, who has not been identified, suffered a 'fairly recent' attack after their email details were cloned and impersonated in a transfer deal with a European club.
The deal was agreed but the account had a fraud marker against it and the bank refused the payment.
The club and Football Association were informed of the fraudulent agreement.
"These things can happen to anyone," Sarah Lyons, deputy director of the National Cyber Security Centre, told Sky Sports News. "Sports organisations are attractive targets for cyber criminals.
"The managing director was a victim of clicking on a targeted email, which took them to a spoof page, where they entered their email and password credentials, allowing the criminals then to gain access and to act as if they were the managing director.
"The attackers had a good understanding of what was happening within the club, when the transfer windows were and how the money could flow so that they could identify how best to try and make their attack.
"It's fairly recent but it's very good that the club have shared it to help prevent others from falling victim to this kind of attack."
The National Cyber Security Centre, part of GCHQ, has also warned clubs that cyber criminals are attempting to disrupt matches after an EFL club nearly postponed a game because hackers closed down their stadium CCTV and turnstiles.
The unnamed EFL club suffered a significant 'fairly recent' ransomware attack and refused to pay a bitcoin ransom.
"I'm pleased to say they've learned a lot of lessons," said Lyons. "Their systems were held to ransom. When they refused to pay the ransom their IT estate, their CCTV, their turnstiles were made non-operational by the attackers. So, they could indeed have had to cancel the match.
"It's not an uncommon problem, as organisations develop their IT, one system is connected to another system. These day-to-day attacks can have a really significant effect on the finances of the clubs involved.
"Ransomware is a very common method of attack for cyber criminals, so I'd be very surprised if it was a one-off."
