Skip to main content

Subway customers complain they're being served up phishing emails

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock )

Subway UK has admitted that a hacked server has been sending customers phishing emails. The spam messages supposedly contained information about a Subway order that had been placed by the customer, accompanied by a malicious Excel attachment.

"Having investigated the matter, we have no evidence that guest accounts have been hacked,” a Subway spokesperson told BleepingComputer. “However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details."

Subway went on to reveal that all compromised systems were promptly isolated and sensitive customer data was not accessed. The fast-food company has also sent emails to all the affected customers, informing them that their first and last names were exposed during the phishing attack.

A spam sandwich

It is not currently clear how many Subway customers have been affected but fortunately, there are a few simple steps that victims can take to safeguard their devices. If they did open the malicious Excel document contained within the Subway phishing email, they should first look for a process named 'Windows Problem Reporting' in the Task Manager and terminate it. Then, they should run antivirus software to make sure any malicious programs are removed.

Although phishing campaigns have been commonly employed throughout 2020, the emails used by attackers do not usually come from legitimate company email accounts. This gave the Subway scam an added air of authenticity.

Usually, attackers simply mimic the look and branding of well-known companies when sending phishing emails. Amazon, Adobe, and a host of other organizations have all seen their names leveraged as part of successful phishing campaigns.

Via BleepingComputer