Security News
![S3 Ep11: DIY phishes, sandwich scams and vaccine hacking [Podcast]](/static/build/img/news/s3-ep11-diy-phishes-sandwich-scams-and-vaccine-hacking-podcast-small.jpg)
We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware.

Here's our latest Naked Security Live talk, about how to avoid email scams that arrive under the guise of a well-known brand - in this case, global sandwich seller Subway. Watch directly on YouTube if the video won't play here.

Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. As a result of this uncertainty, many Twitter users have asked Subway if the scamming campaign was down to some sort of breach: perhaps, they wondered, criminals had somehow got access to Subway's newsletter service in order to click [Send] on an unauthorised email campaign.

Security company GreatHorn shared some of the latest ways cybercriminals are trying to take your money. Here's how to avoid them.
![S3 Ep10: Hacking iPhones, sunken Enigmas and double scams [Podcast]](/static/build/img/news/s3-ep10-hacking-iphones-sunken-enigmas-and-double-scams-podcast-small.jpg)
In this episode, we dig into research that figured out a way to steal data from iPhones wirelessly; we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea; and we give you advice on how to talk to phone scammers. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

With the holiday season in bloom, watch out for scams that promise free gift cards or offer to check your gift card balance, says Bolster. A report released Tuesday by fraud prevention company Bolster looks at two types of gift card scams ringing in the holiday season and offers tips on how to avoid them.

Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. What we have noticed is that most of the scam calls we're getting these days are automated, and that the calls themselves - just like phishing emails that are trying to cajole you into taking the next step by yourself - are merely calls-to-action, not full-on sales pitches in their own right.

A man pleaded guilty Thursday to his role in a computer protection services scam that cheated victims out of nearly $1 million by misleading them into believing that malware had been detected on their computers, federal prosecutors said. Himanshu Asri, 33, of Delhi, India, pleaded guilty in federal court in Providence to wire fraud conspiracy, according to the office of U.S. Attorney for Rhode Island, Aaron Weisman.

The Federal Bureau of Investigation has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate business email compromise schemes. Cybercriminals are exploiting the mass shift to telework during the COVID-19 pandemic to conduct malicious operations, including BEC scams that are more likely to succeed due to the targeting of an email rule forwarding vulnerability.