- Popular
- Most Commented-On

Online Threat Alerts (OTA)

An anti-cybercrime community alerting the public to web or internet threats.

Recently Commented On

www.asianetwork.net a Fake CN and ASIA Domain Name Registration Website - Phishing - Scamming - Fraud - Identity Theft
- 5 years ago
- Views: 3,781
- 12 Comments

351 Area Code Scam Calls - Have You Received One? - Questions and Answers

3 years ago
Views: 1,477
18 Answers

Norskla Limited Scam Store at norskla.com - Phishing - Scamming - Fraud - Identity Theft

1 month ago
Views: 3,170
2 Comments

Is forgottenjews.org a Scam? Review of Forgotten Jews - Questions and Answers

1 year ago
Views: 16,429
159 Answers

Mrs. Gloria C. Mackenzie Donation or Grant Foundation Scams - Lottery - Donation - Inheritance Scams - Ponzi Schemes

6 years ago
Views: 9,780
61 Comments

Thormailer.com used to Send subcard@uk-ie.subwaysubcard.eu Scam Emails

Comments: 1
Views: 250
Save
Updated: Dec. 11, 2020 2020-12-11T14:26:35-05:00
Posted: Dec. 11, 2020 2020-12-11T14:09:11-05:00
Online Threat Alerts (OTA)

The fake and malicious subway subcard emails like the one below that appears to have been sent from subcard@uk-ie.subwaysubcard.eu, is actually sent by Thormailer.com from CREATESEND.COM. Thormailer.com / CREATESEND.COM is a email newsletter software, so it appears it being abused by online scammers.

The subcard@uk-ie.subwaysubcard.eu Scam Email

The link in the fake email goes to a malicious website that asks visitors to download a malicious Microsoft Office Excel document that will infect their computers with viruses and other malware.

The malicious Microsoft Office Excel document contains a password to prevent anti-virus software and anti-malware from detecting the Macro virus or malware in it. But, the malicious document cannot do anything unless the person who downloaded it "Enable Editing" and "Enable Content" from the yellow bar. This is is why it is important that online users never open password-protected Microsoft Office documents, "Enable Editing" and "Enable Content".

The Malicious Microsoft Office Excel Document

Online users who have already opened the malicious document, "Enable Editing" and "Enable Content" are asked to scan their computers with the antivirus software installed on them to remove malware that may have been installed by the malicious Office Excel document.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (1)
No (0)

Share this with others:

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

December 15, 2020 at 11:04 AM by an anonymous user from: Seacroft, Leeds, England, United Kingdom
I received this email on my iPhone. I clicked on the link it appeared just as shown above but it didn't display as an Excel document. Consequently it didn't display the yellow bar with 'Enable Content'. So I didn't click on anything else just screen shotted it and deleted the email. 3 days later someone apparently using our Paypal account (according to the bank) made two online purchases amounting to about £200. Is it possible that this is due to this link although I didn't knowingly enable it? I have reset my iPhone but couldn't find a back up dated prior to this phishing attack. What can I do to protect my iPhone? We have already cancelled all cards and blocked our online banking services but it is the iPhones security I am concerned about, moving forward. Please can someone advise me on the best course of action
Thanks Richard
remove