Subway customers targeted by hackers – what to look out for

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Subway customers in the UK were targeted by hackers, it has been revelaed.

Malware called TrickBot was found in dangerous links included in phishing emails sent to a number of Subcard loyalty card holders, which customers were encouraged to click.

The emails, which were reported by computer security site, Bleeping Computer, used subject lines like “Your order is being processed” and “We’ve received your order.” The address the malicious messages were sent from was [email protected]

The scam emails direct the recipients to click on links, which say, “Your order documents are ready and awaiting confirmation. See also Order Insurance Documents.”

Bleeping Computer explains that “these links lead to various hacked websites that will bring you to a ‘FreshBooks’ phishing page when clicked on.”

What is TrickBot?

“When installed, TrickBot performs a variety of malicious behaviour, including spreading through a network, stealing saved credentials in browser, steaking Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY Credentials, and much more,” explained Bleeping Computer.

“Even worse, TrickBot partners with ransomware operators, such as Ryuk, to access a compromised network to deploy ransomware.”

What has Subway said?

On Twitter, the official Subway account replied to a tweet from a customer regarding the email.

The customer said, “@SUBWAY @SubwayUK Got an email from your Subcard address regarding an order and insurance docs to download? You might want to look into this as it’s evident other people have had it as well?”

Subway replied, writing, “Thanks for bringing this to our attention, we are aware of some disruption to our email systems and understand some of our guests have received an unauthorised email.

“We apologise for any inconvenience, as a precautionary measure, please delete the email.”

Source…