Police have been called in to investigate claims by Bradford City fans that they have been victims of fraud after they bought tickets to the play-off final online.

The Telegraph & Argus has received a stream of complaints from City fans claiming that fraudsters have hacked into their credit card accounts after they bought online tickets for the play off final.

A vicar and a probation officer were among those who contacted the T&A.

It was also revealed that fans of Brentford, who play Yeovil in the League One play off final, have been stung by similar fraudulent payments from their accounts after booking tickets online. Brentford fans were alerted online by City supporters.

In both cases, the clubs used third party ticketing agency Ticketzone.

In 2010, Swindon Town fans complained of similar fraudulent activities after booking tickets through Ticketzone for their play off final.

Probation officer David Hartley, 56, of Sycamore Avenue, Bingley, booked two tickets last Friday for City’s Wembley showdown. But he received a call on Wednesday from Apple Computers in Dublin, querying the purchase of a £499 iPad through his First Direct Bank credit card.

Mr Hartley said: “I had not bought it. I contacted my bank to find there was another payment due to Hewlett Packard for a £450 laptop, which I also hadn’t bought.

“There are 5,000 City fans talking about this scam and it is affecting a lot of people.

“Ticketzone told me they are investigating, but they seem to have a problem that keeps occurring.

“The company is just as much a victim because it is being used. But this is a criminal matter, it should be handled by police and not an internal investigation by the organisation. Ticketzone should report the matter to police.”

Another victim was the Reverend Dale Barton, of St Clement’s Church, in Barkerend, Bradford.

He said: “My credit card company rang up to query transactions for £1,900 worth of furniture and £998 worth of other online purchases. Both transactions were fraudulent.”

Last night a Ticket Zone spokesman said police had been called in to investigate what its extensive inquiries had indicated was a “man in the middle” attack where customers’ details were being intercepted and copied before their details reached a queuing site it uses which is operated by a Danish company.

Checks on Ticket Zone’s website and protective infrastructure had shown all data was found to be clean and protected.

The spokesman said: “All investigations point towards a MITM “man in the middle” attack intercepting internet traffic prior to landing on the queuing site.

“An attack like this would allow a fraudulent third party to record key strokes as they are being made on the customer’s own browser. Neither the customer nor Ticket Zone is aware that fraudulent data capture is taking place behind the scenes. The crime has been reported to the police.”