Subway email weirdness: Suspicion grows over apparent Trickbot trojan delivery campaign

Subway patrons in the UK received suspicious emails this morning and infosec researchers fear this is linked to the theft of customer details – and a Trickbot malware campaign. "I've just had an email purporting to be from Subway (the sandwich people) and sent to an address used only for Subway," Reg reader Alan told us. He …

  1. Version 1.0 Silver badge

    XLS is a delivery scheme

    I see XLS related email deliveries all the time now, it's clearly become a very popular virus/hacking method, the spreadsheets deliver malware.

  2. Alistair

    Can I have the phootlong phish phillay.

    Phishing email delivered via commercial services. There are *layers* of upfcuk in this misfire.

    Meantime, the phishers are just after yer bacon.

  3. HellDeskJockey

    It's gotten so bad that if I am not expecting an attachment it's suspicious. Even from people I know and do business with. As one or two of them have been compromised. These days paranoia is a good thing when it comes to emails.

    1. Doctor Syntax Silver badge

      Sometimes (presumed) legitimate businesses seem to go out of their way to look suspicious. It certainly makes life easier for the real phishers.

      I just ordered a book on eBay. Apart from the normal communications via eBay they've so far sent two completely unnecessary emails from their own domain via a 3rd party mailer with a 4th party non-read reply address. The first is a long email about their T&Cs - bollocks because eBay's T&Cs apply - with a PDF alleged to be a cancellation form. The second contains PDFs alleged to be their invoice and return slip (any returns would be handled by eBay's system). All for a book costing less than 3 quid.

      Either this business, which claims to be one of the largest of its kind in Germany, hasn't got the hang of selling via eBay or they too have been got at.

      1. needmorehare

        Security companies are sus too

        Trend Micro legitimately send people HTML attachments. Problem is, local HTML files are exempt from sandboxing if you have IE as a default browser, which some people still might.

      2. Colin Bull 1

        Trying too hard.

        3 days ago when got up had missed 0845 call on mobile and landline. Checked no. on Google and most sites stated spammers purporting to be Nationwide. Later that day had another call from same number. They stated they were Nationwide and to press 1 to continue. Pressed 1, said press 5. Pressed 5. Message stated my year of birth and asked for day and month. I thought if they already know year not hard to get DM so I entered. Then got message telling me about late payment on Credit card. Hung up, went online and CC payment had been missed. (Not received first statement).

        Question. This would have taken a lot of programming to configure. Why not just send text or email as they have both on online account. Hundreds of people think this is not genuine and it is absolutely not necessary.

  4. Howard Sway Silver badge

    Subway email weirdness

    It seems a little weird to be giving your email address to a sandwich shop anyway. Are you desperate to hear about exciting new Brie concoctions? Ditto sandwich shop apps. But then I used to buy my sandwiches from Greggs when I last worked in an office, and the act of buying a much cheaper, but fresh and tasty sarnie, rather than one from the outlets considered fashionable by the iPhone owning trendies, was looked upon with incredulity by the most ad-deluded of them, almost as if I'd just told them I lived in a cave.

    1. Lost in Cyberspace

      Re: Subway email weirdness

      I gave a unique email address when I signed up for an account with Subway... the loyalty scheme is fairly generous. If I'm buying for the family, I may as well rack up enough points for 'free' subs, cookies and coffee.

      The online account / app usually beats carrying a Subcard around just in case we stop at Subway on the services.

      1. Anonymous Coward

        Re: Subway email weirdness

        Logistically, how are you setting up / keeping track of per-account email addresses?

        I've tried before but it has ended up awkward

        1. ItsMeDammit

          Re: Subway email weirdness

          This is very simple if you have your own domain - if I were to frequent Subway and wanted to receive their promotions I would simply give my address as Since very few of these requests for my email are of any interest to me at all they go to a simple catch-all address which I look at occasionally.

          If I ever get junk mail of any sort and want to know who has been breached or sold my details I simply look at the address it was sent to then silently delete any further emails sent to that address by the application of a simple filter rule.
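The per-service alias scheme described in the comment above, sketched as an added example that is not part of the original thread: it reads the catch-all alias a message was sent to, flags the alias as leaked when the sender is not the service it was given to, and drops later mail to that alias. The domain `example.org`, the `.example` sender domains, the `EXPECTED` table and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCH_ALL_DOMAIN = "example.org"  # assumption: your own catch-all domain
# assumption: alias local-part -> sender domains that alias was given to
EXPECTED = {"subway": {"subway.example"}, "ebay": {"ebay.example"}}

def alias_for(msg):
    """Return the catch-all local-part this message was addressed to, or None."""
    fields = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
              + msg.get_all("Cc", []))
    for _, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == CATCH_ALL_DOMAIN:
            return local.lower()
    return None

def triage(raw, burned):
    """Classify one raw message; `burned` is the set of aliases already leaked."""
    msg = message_from_string(raw)
    alias = alias_for(msg)
    if alias is None:
        return ("unknown", None)
    if alias in burned:
        return ("drop", alias)  # the "simple filter rule": silently delete
    # From is forgeable: a match is not proof of legitimacy, but a mismatch
    # shows the alias is known to someone other than the intended service.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    allowed = EXPECTED.get(alias, set())
    if any(sender == d or sender.endswith("." + d) for d in allowed):
        return ("deliver", alias)
    burned.add(alias)
    return ("leaked", alias)

# Constructed sample messages
SAMPLE_OK = ("From: Subway <offers@mail.subway.example>\n"
             "To: subway@example.org\nSubject: Points update\n\nbody\n")
SAMPLE_LEAK = ("From: Orders <billing@unrelated.example>\n"
               "To: subway@example.org\nSubject: Order documents\n\nbody\n")

if __name__ == "__main__":
    burned = set()
    for raw in (SAMPLE_OK, SAMPLE_LEAK, SAMPLE_OK):
        print(triage(raw, burned))
```
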

  5. Doctor Syntax Silver badge

    There seems to be a bit missing from the Subway statement. The bit where they say they've informed the ICO.

    1. Qumefox

      It depends on where the breach happened. If it was on Subway's end, yes, it's their responsibility. However, if it happened on the end of whatever marketing firm this is, then it's the marketing firm's problem.

      1. Doctor Syntax Silver badge

        It might or might not have been the marketing firm's breach but it's Subway's customer data so it's Subway's problem.

  6. Anonymous Coward

    As soon as we have more information, we will be in touch

    refreshing to read such a no-nonsense update, instead of the usual post-fuckup bullshit, about how they (not subway!) take privacy of their customers with utmost seriousness, etc, etc.

  7. John Brown (no body) Silver badge


    "some of our guests have received an unauthorised email."

    Ah, so it's only affecting people who are in the shop, sitting at a table then?

    1. Version 1.0 Silver badge

      Re: Guests?

      Maybe the free WiFi was hak5'ed

    2. DavCrav

      Re: Guests?

      Unless the sandwich shop also has accommodation, they are still just customers.

  8. Anonymous Coward

    Now Hear This!

    It's not "If you got an unexpected message from the not-footlong guys, don't click links"

    It is now, has already been, and will always be "If you got an unexpected message from ANYONE, don't click links"

    Sorry for the allcaps but it irritates me that sheep exhibit more common sense than people.

  9. nameless_phil

    Guests¡? FFS!
