Subway email weirdness: Suspicion grows over apparent Trickbot trojan delivery campaign

2020-12-11 14:15

Subway patrons in the UK received suspicious emails this morning and infosec researchers fear this is linked to the theft of customer details - and a Trickbot malware campaign.

"I've just had an email purporting to be from Subway and sent to an address used only for Subway," Reg reader Alan told us.

Source code of one of the suspicious emails posted to Github by PHP dev Richard Bairwell revealed the full message headers, which appear to point to email firm Campaign Monitor as the source of the message.

Bairwell told The Register he received the two suspicious emails at his link above today, adding: "Both emails - like all emails from Subway from at least May last year - have come via CampaignMonitor/cmail.com."

Subway sent us the following statement: "We are aware of some disruption to our email systems and understand some of our guests have received an unauthorised email. We are currently investigating the matter and apologise for any inconvenience. As soon as we have more information, we will be in touch, until then, as a precautionary measure, we advise guests delete the email."

News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/11/subway_email_oddity_trickbot_links/

#email #trickbot #trojan