Subway loyalty-card holders in U.K. and Ireland have been sent scam emails to trick them into downloading malware. The emails were sent from a subwaysubcard domain, personalized with the recipient s first name. The goal of the phishing campaign is to get victims to change their Excel security settings, allowing the malicious actors to run macros and deliver malware to their device. A Subway spokesperson said the company has no evidence guest accounts have been hacked
Source: https://threatpost.com/subway-loyalty-card-phishing-scam/162308/