Skip to main content

Subway customers complain they're being served up phishing emails

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock )
Audio player loading…

Subway UK has admitted that a hacked server has been sending customers phishing (opens in new tab) emails. The spam messages supposedly contained information about a Subway order that had been placed by the customer, accompanied by a malicious Excel attachment.

"Having investigated the matter, we have no evidence that guest accounts have been hacked,” a Subway spokesperson told BleepingComputer (opens in new tab). “However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details."

Subway went on to reveal that all compromised systems were promptly isolated and sensitive customer data was not accessed. The fast-food company has also sent emails to all the affected customers, informing them that their first and last names were exposed during the phishing attack.

A spam sandwich

It is not currently clear how many Subway customers have been affected but fortunately, there are a few simple steps that victims can take to safeguard their devices. If they did open the malicious Excel document contained within the Subway phishing email, they should first look for a process named 'Windows Problem Reporting' in the Task Manager and terminate it. Then, they should run antivirus software to make sure any malicious programs are removed.

Although phishing campaigns have been commonly employed (opens in new tab) throughout 2020, the emails used by attackers do not usually come from legitimate company email accounts. This gave the Subway scam an added air of authenticity.

Usually, attackers simply mimic the look and branding of well-known companies when sending phishing emails. Amazon (opens in new tab), Adobe (opens in new tab), and a host of other organizations have all seen their names leveraged as part of successful phishing campaigns.

Via BleepingComputer (opens in new tab)

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.