Customers of American fast-food chain, Subway, in the UK are receiving scam emails as part of a phishing attack. The emails claim to be an order confirmation from the fast-food chain and contain links to malware.
The emails contain the names of the victims, and they appear to come from the company’s Subcard loyalty scheme.
Subway had initially acknowledged the problem and says there’s no evidence its guest accounts were compromised. It also acknowledges a compromise of its email system.
Also read:
– IBM Security Researchers Reveal Global Phishing Campaign Against COVID-19 Vaccine Distribution Chain
– GitHub Fixes ‘High’ Severity Security Lapse Reported By Google Project Zero
– PerSwaysion Hack Campaign: More Than 150 Top Company Executives Victims Of Email Phishing Attacks
“Having investigated the matter, we have no evidence that guest accounts have been hacked. However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details. Crisis protocol was initiated and compromised systems locked down. The safety of our guests and their personal data is our overriding priority and we apologise for any inconvenience this may have caused,” Subway said in a statement.
Computer security news site, Bleeping Computer, was first to report finding a TrickBot Malware in the malicious links the phishing email encourages Subway customers to click.
Trickbot is designed to steal personal information from infected computers. The malware can also install other viruses and ransomware on the said computer.
The email links to fake documents that supposedly need confirmation. They include insurance documents for the sandwich, which suggests that the attack is built on an existing scam. The documents include an Excel spreadsheet download, which will later ask the users to enable additional features that install the virus.
For your daily dose of tech, lifestyle, and trending content, make sure to follow Plat4om on Twitter @Plat4omLive, on Instagram @Plat4om, on LinkedIn at Plat4om, and on Facebook at Plat4om. You can also email us at info@techtalkwithtdafrica.com and join our channel on Telegram at Plat4om. Finally, don’t forget to subscribe to our YouTube channel HERE.