Subway marketing system hacked to send TrickBot malware emails

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/

Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday.
Starting yesterday, Subway UK customers received strange emails from 'Subcard' about a Subway order that was placed. Included in the email were links to documents allegedly containing confirmation of the order.
After analyzing these phishing emails, it was discovered that they were distributing malicious Excel documents that would install the latest version of the TrickBot malware.

"Having investigated the matter, we have no evidence that guest accounts have been hacked. However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details."
"Crisis protocol was initiated and compromised systems locked down. The safety of our guests and their personal data is our overriding priority and we apologise for any inconvenience this may have caused," Subway said in a statement to BleepingComputer.

Subway marketing system hacked to send TrickBot malware emails

Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday.

www.bleepingcomputer.com

 

[oldschool]

A lesson in good computing habits: Signing up for this kind of junk always increases your exposure to these threats, especially with an outfit like this. Is it really worth the convenience and/or some imagined savings?

 

[bayasdev]

A lesson in good computing habits: Signing up for this kind of junk always increases your exposure to these threats, especially with an outfit like this. Is it really worth the convenience and/or some imagined savings?

On my country (Ecuador) due to poor/non-existent privacy laws most big retail companies sell their clients' email adresses to marketing companies and they suscribe you to all kind of random spam lists without your consent, not to be surprised that the $1B marketing company Outreach was founded by an ecuadorian guy.

By the way, on 2019 another ecuadorian marketing company Novaestrat was breached and hackers leaked a 18GB database containing the personal information of every ecuadorian citizen.

Report: Ecuadorian Breach Reveals Sensitive Personal Data

vpnMentor's research team has found a large data breach that may impact millions of individuals in Ecuador. The leaked database includes over 20 million individuals. Led by

www.vpnmentor.com

So the moral of the history here is avoid at all costs giving your personal information when visiting Ecuador

 

[ForgottenSeer 89360]

It might be worth in that case, such as in Ecuador to use temporary email addresses when signing up to not-so-trustworthy places. Or maybe you can use one dedicated email only for that, like I do.

You can get a disposable email here (tried and tested):

https://temp-mail.org/

 

[ForgottenSeer 85179]

It might be worth in that case, such as in Ecuador to use temporary email addresses when signing up to not-so-trustworthy places. Or maybe you can use one dedicated email only for that, like I do.

You can get a disposable email here (tried and tested):

https://temp-mail.org/

Another one is: anonbox - from Chaos Computer Club

 

[bayasdev]

It might be worth in that case, such as in Ecuador to use temporary email addresses when signing up to not-so-trustworthy places. Or maybe you can use one dedicated email only for that, like I do.

You can get a disposable email here (tried and tested):

https://temp-mail.org/

The problem it's that the govt banned paper invoices to "save the earth" and all invoices are now digital