Watch out for a new phishing scam which pretends to be a communication from the Subway sandwich chain.

These malicious emails claim to be an order confirmation and, as with any phishing or smishing communication, there is a link that the sender tries to convince you to click. In this case the link will download malware known as ‘TrickBot’, which is designed to steal personal information from infected computers, and can also install other viruses and ransomware.

Please DO NOT click on the link.

These emails appear particularly convincing because they use their recipients’ names and appear to come from the chain’s Subcard loyalty scheme. Unfortunately this is because the Subway system that manages email campaigns was compromised and e-mail addresses and names accessed.

Whilst this particular scam targets subscribers to e-mail news and offers from Subway, it is likely to be only a matter of time before the scam is used on a more widespread basis with other fast food outlets’ names and branding used to trick the recipient.

Please remember to never click on any links or attachments in e-mails you’re not expecting or where you don’t know the sender.

If you receive any suspicious email please forward it to report@phishing.gov.uk