Online Threat Alerts (OTA) - Alerting you to scams and frauds.
If you have received an email like the one below that appears to have been sent from subcard@uk-ie.subwaysubcard.eu, which claims your order documents are ready and awaiting confirmation, please do not click the link in it. This is because the link in the fake email goes to a malicious website that asks visitors to download a malicious Microsoft Office Excel document that will infect their computers with viruses and other malware.
The malicious Microsoft Office Excel document is password-protected to prevent anti-virus and anti-malware software from detecting the macro virus or malware in it. But the malicious document cannot do anything unless the person who downloaded it clicks "Enable Editing" and "Enable Content" on the yellow bar. This is why it is important that online users never open password-protected Microsoft Office documents and never click "Enable Editing" and "Enable Content".
Online users who have already opened the malicious document and clicked "Enable Editing" and "Enable Content" are asked to scan their computers with the antivirus software installed on them to remove malware that may have been installed by the malicious Office Excel document.
Had two emails and both come from the same source as previous legit Subway emails.
SPAM EMAIL:
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@UK-IE.subwaysubcard.eu header.s=cm header.b=K5SqJtWC; dkim=pass header.i=@cmail2.com header.s=cs2013 header.b="E/oeDTFJ"; spf=pass (google.com: domain of subcard-mtllhz1jhtriuhkdd1i@cmail20.com designates 203.55.21.201 as permitted sender) smtp.mailfrom=Subcard-mtllhz1jhtriuhkdd1i@cmail20.com
Return-Path:
Received: from mx201.a.outbound.createsend.com (mx201.a.outbound.createsend.com. [203.55.21.201])
LEGIT EMAIL:
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@UK-IE.subwaysubcard.eu header.s=cm header.b=vMcqLGAI; dkim=pass header.i=@cmail2.com header.s=cs2013 header.b=KPjU9QAw; spf=pass (google.com: domain of subcard-mjhjyik1jktjdhutht1i@cmail20.com designates 27.126.146.33 as permitted sender) smtp.mailfrom=Subcard-mjhjyik1jktjdhutht1i@cmail20.com
Return-Path:
Received: from mx33.b.outbound.createsend.com (mx33.b.outbound.createsend.com. [27.126.146.33])
Subway systems or their mailing software partner have been breached
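Added example, not part of the original article or comments: a small parser for the two ARC-Authentication-Results values quoted in the comment above, used to list which authentication fields actually differ between the suspicious and the earlier legitimate message. The function and variable names are hypothetical; the header strings are copied from the comment.

```python
import re

# Header values copied from the comment above (suspicious vs. earlier legitimate mail).
SPAM = ('i=1; mx.google.com; dkim=pass header.i=@UK-IE.subwaysubcard.eu header.s=cm '
        'header.b=K5SqJtWC; dkim=pass header.i=@cmail2.com header.s=cs2013 '
        'header.b="E/oeDTFJ"; spf=pass (google.com: domain of '
        'subcard-mtllhz1jhtriuhkdd1i@cmail20.com designates 203.55.21.201 as '
        'permitted sender) smtp.mailfrom=Subcard-mtllhz1jhtriuhkdd1i@cmail20.com')
LEGIT = ('i=1; mx.google.com; dkim=pass header.i=@UK-IE.subwaysubcard.eu header.s=cm '
         'header.b=vMcqLGAI; dkim=pass header.i=@cmail2.com header.s=cs2013 '
         'header.b=KPjU9QAw; spf=pass (google.com: domain of '
         'subcard-mjhjyik1jktjdhutht1i@cmail20.com designates 27.126.146.33 as '
         'permitted sender) smtp.mailfrom=Subcard-mjhjyik1jktjdhutht1i@cmail20.com')


def parse_auth_results(value):
    """Return DKIM signer domains, SPF verdict, envelope domain and sending IP."""
    out = {"dkim": set(), "spf": None, "mailfrom_domain": None, "ip": None}
    # Pull out parenthesised comments so their contents cannot confuse the ';' split.
    comments = re.findall(r'\(([^)]*)\)', value)
    for clause in re.sub(r'\([^)]*\)', '', value).split(';'):
        m = re.match(r'\s*(dkim|spf)=(\w+)', clause)
        if not m:
            continue  # instance tag, authserv-id, or a method not handled here
        method, result = m.group(1), m.group(2).lower()
        props = dict(re.findall(r'([\w.]+)="?([^\s"]+)"?', clause))
        if method == "dkim":
            signer = props.get("header.i", "").rpartition("@")[2].lower()
            out["dkim"].add((signer, result))
        else:
            out["spf"] = result
            out["mailfrom_domain"] = props.get("smtp.mailfrom", "").rpartition("@")[2].lower()
    for text in comments:
        ip = re.search(r'designates (\S+) as permitted sender', text)
        if ip:
            out["ip"] = ip.group(1)
    return out


def auth_fields_that_differ(a, b):
    """Names of parsed fields whose values differ between two header values."""
    pa, pb = parse_auth_results(a), parse_auth_results(b)
    return sorted(k for k in pa if pa[k] != pb[k])


if __name__ == "__main__":
    print(parse_auth_results(SPAM))
    print("fields that differ:", auth_fields_that_differ(SPAM, LEGIT))
```

Both messages carry the same passing DKIM signer domains, SPF verdict and envelope domain, so a filter that trusts those verdicts for this sender treats them alike; the link and any downloaded document still have to be scanned on their own.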
It seems as if they are using an email newsletter software called CreateSend at thormailer.com
Just had the same email and blocked it.
I've had one today saying "Thank you for shopping with us, you'll find a summary of your order below" with a link. Luckily I did not click it as I knew I hadn't ordered anything.