Malicious email campaign purporting to be Subway delivers Trickbot malware

Malicious emails purporting to be from sandwich company Subway UK are being reported by multiple sources, including consumers and security researchers alike. These malicious emails state that the recipient has completed an order and details of this are included within the communication. A link is contained within the email, which if clicked on leads to the download of a malicious Microsoft Office Excel (.xls) spreadsheet file containing the malware Trickbot.

Top TIps: 

• Be aware and pro-active: When responding to emails or phone calls, never give your login or personal details. If you receive an email from a company that claims to be legitimate but is requesting these details, or a contact number tell them you will call them back. Use a contact number for the organisation that you have sourced reputably. Speak to them directly to confirm that the message is genuine
• Use your spam filter: If you detect a phishing email, mark the message as spam and delete it. This ensures that the message cannot reach your inbox in future. 
• Know your source: Never respond to a message from an unknown source. Take care not to click any embedded links. Phishing emails are sent to a vast number of randomly generated addresses. However, clicking embedded links can provide verification of your active e-mail address. Once this occurs it may facilitate the targeting of further malicious emails. Even “unsubscribe” links can be malicious. Ensure that the e-mail is from a trusted source and you are, in fact, subscribed to the service.