Subway customers complain they're being served up phishing emails
Fast-food chain is blaming a hacked server for dodgy emails
Subway UK has admitted that a hacked server has been sending customers phishing emails. The spam messages supposedly contained information about a Subway order that had been placed by the customer, accompanied by a malicious Excel attachment.
"Having investigated the matter, we have no evidence that guest accounts have been hacked,” a Subway spokesperson told BleepingComputer. “However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details."
Subway went on to reveal that all compromised systems were promptly isolated and sensitive customer data was not accessed. The fast-food company has also sent emails to all the affected customers, informing them that their first and last names were exposed during the phishing attack.
- Keep your devices virus-free with the best malware removal software
- And here's our round of the best ransomware protection tools
- We've also put together a list of the best antivirus software available
A spam sandwich
It is not currently clear how many Subway customers have been affected but fortunately, there are a few simple steps that victims can take to safeguard their devices. If they did open the malicious Excel document contained within the Subway phishing email, they should first look for a process named 'Windows Problem Reporting' in the Task Manager and terminate it. Then, they should run antivirus software to make sure any malicious programs are removed.
Although phishing campaigns have been commonly employed throughout 2020, the emails used by attackers do not usually come from legitimate company email accounts. This gave the Subway scam an added air of authenticity.
Usually, attackers simply mimic the look and branding of well-known companies when sending phishing emails. Amazon, Adobe, and a host of other organizations have all seen their names leveraged as part of successful phishing campaigns.
- We've highlighted the best email services on the market
Via BleepingComputer
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.