Quote:Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware. The campaign wasn’t particularly impressive, according to Sophos researchers.
“As phishes go, this one isn’t terribly sophisticated or believable, and the scam itself requires several clicks, each one more suspicious than the last,” the report said.
Quote:The goal of the phishing campaign is to get victims to change their Excel security settings, allowing the malicious actors to run macros and deliver malware to the victim’s device, Sophos explained. The code creates a URL from a hidden “Files” sheet. The URL then grabs the malware.
“The crooks are hoping you will think that turning macros on will somehow increase security, when in fact you are enabling a feature that makes it possible for the criminals to download and install malware.”
Read more: https://threatpost.com/subway-loyalty-ca...am/162308/
![[-]](https://www.geeks.fyi/images/collapse.png)
