Spotting a Phish: Cyber Security for Committees
Phishing: The Most Common Cyber Threat Facing Sporting Clubs
Most cyber incidents affecting sporting clubs aren’t the result of sophisticated hacking. They’re caused by phishing.
Phishing is when someone pretends to be a trusted person or organisation to trick you into clicking a link, opening an attachment, or sending money or information.
And clubs are prime targets.
Why? Because clubs are built on trust, urgency, and volunteers doing their best with limited time.
What Phishing Looks Like Today
Phishing attempts aren't as easy to spot as they once were.
Modern phishing is increasingly targeted, researched, and convincing, often using AI tools to copy real people, real organisations, and real writing styles.
Attackers will often:
- Look up who is on your committee via websites or social media
- Identify regular suppliers like uniform providers, umpires, or venues
- Copy your club logo, colours, and branding
- Create email addresses that look almost identical to real ones
You might receive an email that:
- Appears to come from your President, Treasurer, or Secretary
- Uses your club name, logo, and correct terminology
- Refers to a real event, invoice, or upcoming payment
In other words, phishing today doesn’t always look “dodgy”.
That’s why the biggest risk is not carelessness.
It’s trust combined with urgency.
And why taking a moment to pause and verify is one of the most important governance habits a club can build.
How to “Spot a Fish”
Here are some simple, practical ways to identify phishing attempts before they cause damage.
1. Check the sender carefully
Look beyond the display name. Hover over or tap the email address.
A single extra letter or unusual domain is a red flag.
2. Be wary of urgency
“ASAP”, “urgent”, or “can’t talk right now” are classic phishing tactics.
Real emergencies can wait five minutes for verification.
3. Watch for tone changes
Does the message sound like the person you know?
Phishing emails often feel slightly off. Too formal, too emotional, or oddly worded.
4. Don’t trust links or attachments automatically
If you weren’t expecting it, don’t click it.
Especially for invoices, payment changes, or login requests.
5. Verify through another channel
If in doubt, pick up the phone or send a new email (not a reply).
Checking is smart governance, not paranoia.
6. Never share passwords or user profiles
No legitimate organisation will ask for your password or multi-factor code.
Nor should clubs rely on shared login access to their digital platforms.
Why This Matters for Committees
One compromised account can:
- Expose member data
- Result in financial loss
- Lock the club out of key systems
- Create serious governance and trust issues
This isn’t about blame. It’s about recognising that volunteers are being targeted because they care and want to help.
The Most Important Defence: Culture
The strongest protection against phishing isn’t technology. It’s culture.
A good club culture encourages volunteers to:
- Pause before acting
- Ask questions without embarrassment
- Double-check unusual requests
- Speak up when something feels wrong
Cybersecurity doesn’t need to be scary or technical. It simply needs to be embedded in your culture.