Subway email weirdness: Suspicion grows over apparent Trickbot trojan delivery campaign Subway patrons in the UK received suspicious emails this morning and infosec researchers fear this is linked to the theft of customer details – and a Trickbot malware campaign. "I've just had an email purporting to be from Subway (the sandwich people) and sent to an address used only for Subway," Reg reader Alan told us. He …
Sometimes (presumed) legitimate businesses seem to go out of their way to look suspicious. It certainly makes life easier for the real phishers.
I just ordered a book on eBay. Apart from the normal communications via eBay they've so far sent two completely unnecessary emails from their own domain via a 3rd party mailer with a 4th party non-read reply address. The first is a long email about their T&Cs - bollocks because eBay's T&Cs apply - with a PDF alleged to be a cancellation form. The second contains PDFs alleged to be their invoice and return slip (any returns would be handled by eBay's system). All for a book costing less than 3 quid.
Either this business, which claims to be one of the largest of its kind in Germany, hasn't got the hang of selling via eBay or they too have been got at.
3 days ago when got up had missed 0845 call on mobile and landline. Checked no on Google and most sites stated spammers purporting to be Nationwide . Later that day had another call from same number. They stated they were Natiowide and to press 1 to continue. Pressed 1, said press 5. Pressed 5 . Message stated my year of birth and asked for day an month. I thought if they already know year not hard to get DM so I entered. Then got message telling me about late payment on Credit card. Hung up, went online and CC payment had been missed. (Not received first statement) .
Question. This would have taken a lot of programming to configure. Why not just send text or email as they have both on online account. Hundreds of people think this is not genuine and it is absolutely not neccessary.
It seems a little weird to be giving your email address to a sandwich shop anyway. Are you desperate to hear about exciting new Brie concoctions? Ditto sandwich shop apps. But then I used to buy my sandwiches from Greggs when I last worked in an office, and the act of buying a much cheaper, but fresh and tasty sarnie, rather than one from the outlets considered fashionable by the iPhone owning trendies, was looked upon with incredulity by the most ad-deluded of them, almost as if I'd just told them I lived in a cave.
I gave a unique email address when I signed up for an account with Subway... the loyalty scheme is fairly generous. If I'm buying for the family, I may as well rack up enough points for 'free' subs, cookies and coffee.
The online account / app usually beats carrying a Subcard around just in case we stop at Subway on the services.
This is very simple if you have your own domain - if I were to frequent Subway and wanted to receive their promotions I would simply give my address as subway@mypersonaldomain.com. Since very few of these requests for my email are of any interest to me at all they go to a simple catch-all address which I look at occasionally.
If I ever get junk mail of any sort and want to know who has been breached or sold my details I simply look at the address it was sent to then silently delete any further emails sent to that address by the application of a simple filter rule.
It's not "If you got an unexpected message from the not-footlong guys, don't click links"
It is now, has already been, and will always be "If you got an unexpected message from ANYONE, don't click links"
Sorry for the allcaps but it irritates me that sheep exhibit more common sense than people.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
