Expert Comments

Subway Customers Receive ‘Malware’ Emails – Expert Advice

Expert(s):
Expert(s):

It’s been reported that Subway customers in the UK are receiving scam emails as part of a phishing attack. The emails also use the victims’ names and appear to come from the chain’s Subcard loyalty scheme.

Experts Comments

Dot Your Expert Comments
Colin Bastable
December 14, 2020
CEO
Lucy Security

People in the UK are going to get more than their lunchtime “sarnie”* delivered.
This is an elaborate attack. People in the UK are going to get more than their lunchtime “sarnie”* delivered. It's another reminder that security awareness training, with macro downloads and ransomware simulations, can considerably reduce the risk of social engineering attacks. To stay one step ahead, security teams should also look to war-game ransomware attacks, i.e. test what happens if an employee falls for an attack like the Subway one. By running "what-if" scenarios, where.....Read More
This is an elaborate attack. People in the UK are going to get more than their lunchtime “sarnie”* delivered. It's another reminder that security awareness training, with macro downloads and ransomware simulations, can considerably reduce the risk of social engineering attacks. To stay one step ahead, security teams should also look to war-game ransomware attacks, i.e. test what happens if an employee falls for an attack like the Subway one. By running "what-if" scenarios, where companies simulate the hundreds of tools employed by hackers, security teams can discover exactly what happens if an employee executes a malicious file, and proactively address system vulnerabilities in their network infrastructure before a real malware attack occurs." *(colloquial English for sandwich  Read Less
Ed Macnair
December 14, 2020
CEO
Censornet

To stop this they should treat email data as sensitive information and an extra layer of account security as a bare minimum.
This is an example of why email data is so dangerous in the hands of cybercriminals. Customer databases are a treasure trove for criminals looking to launch widespread phishing campaigns, exploiting the fact that these customers already know the brand and are therefore more likely to trust the email and click through to the malware. This attack demonstrates the implications of not sufficiently protecting valuable customer email information. For cybercriminals, email campaigns have proved such.....Read More
This is an example of why email data is so dangerous in the hands of cybercriminals. Customer databases are a treasure trove for criminals looking to launch widespread phishing campaigns, exploiting the fact that these customers already know the brand and are therefore more likely to trust the email and click through to the malware. This attack demonstrates the implications of not sufficiently protecting valuable customer email information. For cybercriminals, email campaigns have proved such an effective and easy method of malware deployment over the past decade, if a company lets its database fall into the hands of an attacker they are putting their customers at serious risk. To stop this they should treat email data as sensitive information and an extra layer of account security as a bare minimum, such as multi-factor authentication, to ensure that only those who should have access to an email database can access it.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords