Classic Football Shirts warns customers of scam

  • Published
Football shirts on a rackImage source, Getty Images

A firm selling retro football team shirts and merchandise has apologised to customers after a cyber-security attack accessed their data.

Classic Football Shirts said customers' details had been accessed through one of its third party providers' systems.

Some customers complained of receiving emails offering cashback on their previous orders.

The firm is now telling customers not to follow the link if they have received the cashback phishing email.

Classic Football Shirts said it became aware of the cashback emails at 20:30 on Thursday night - half an hour after they were sent.

The firm believes password data and payment information has not been compromised.

But in a Twitter post, the company urged customers to be "vigilant" and contact their bank to cancel their cards if they supplied their card information on the link from the cashback form.

Image source, Getty Images

The clothes business said payment information was "never stored on their system" and apologised for the "inconvenience caused".

But many customers commented with concern that scammers were able to access their names, addresses, email addresses and order history.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Graham Lewis

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Graham Lewis

Some customers commented that they became aware it was a phishing email after noticing an extra "s" in the email address:@classicsfootballshirts.co.uk

Others, after placing an order had noticed that the email offering cashback was from orders@classicsfootballshirts.co.uk rather than classicfootballshirts.co.uk.

One customer, Fernando Paredes, told the BBC he saw that $700 (£504) was taken from his account. He cancelled the credit card and his bank is investigating the transaction.

Mr Paredes bought a football shirt from the online store on 14 March to be shipped to his address in Peru. He says received the phishing email and did not notice the extra "s".

"The company did well making a statement about the breach," he adds, but says he is still "concerned about the third party provider's systems".

Customers also commented that it was "unprofessional" and that they were "worried" that their information was not properly protected.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post 2 by Vincetelo Ragazzi 🇮🇹

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post 2 by Vincetelo Ragazzi 🇮🇹

Classic Football Shirts did not immediately respond to the BBC with an estimate of how many customers had been affected.

The Manchester-based firm was started in 2006 by two students. Its website says it has the world's largest collection of football shirts, with a product range of 30,000 individual items and more than 500,000 units available in stock.