Identity Thieves Are after Your Sandwiches. No, Seriously.
A new breed of identity thief is at large, and He. Is. Hungry.
Let every mindful fast food consumer beware; someone is eyeing your lunch. This prowler lurks not in dark allies and abandoned street corners–he, or she, lurks much nearer than that.
One may be inside your pocket already.
We’re not talking about the classic identity thief who targets your bank account or email account–we’re talking about a petty thief who will take the food right out of your children’s mouths.
We’re talking about a thief, so desperate; he makes J. Wellington Wimpy and the Hamburglar seem civilized.
We’re talking about the notorious Fast Food App Account thief.
Be afraid of him or her. Because even if you happen to own identity theft insurance you’ll never see that stolen sandwich again, and that’s a shame.
What do thieves do with a stolen identity anyway?
In the past we’ve blogged about unscrupulous travel agencies [read: hackers] selling stolen frequent flier miles. But in today’s marketplace the stakes have gotten, well… lower. Today, criminal vendors hawk stolen website account information through black market websites. These black market websites, such as the likes of Silk Road, tempt over-thrifty consumers to purchase the usernames and passwords of hard-working, innocent people.
What exactly is for sale?
They sell everything from Uber cab-ride credits, to pre-paid mobile credits, and even Subway frequent buyer credits.
Yes, these days fraudsters are willing to violate your sense of security–the sacred peace-of-mind you feel knowing that your personal identity remains your own, for a mere five-finger discount on some fast food.
Accounts associated with the mobile app SubCard in the United Kingdom are available for purchase 24×7, 365 days a year, for the sole purpose of ordering food from Subway using an identity theft victim’s Subway membership. The fraudsters usurp the reward credits that Subway awards to loyal customers–which can be used to order food and drinks in their branches–and sell them.
How Hackers Eat Lunch at Your Expense
In a tutorial obtained by LogDog from one of the underground vendors, fraudsters are instructed to follow the following steps:
- Search for and download the “SubCard” app on your smartphone.
- Open the app and tap on “I’ve already registered my SubCard.”
- Enter the e-mail address and password provided.
- You’ll see a “Congratulations” message, this means the account login has been successful.
- Now when you open the SubCard app you’ll see a QR Code and your SubCard number which can be used to redeem points on the account in store at Subway.
- To check the balance of the account, hit the small menu icon and tap “My points balance.” Here you’ll be able to see the points available on the account along with what you can get with the points.
The purpose of this article is of course not to suggest that Subway has done anything unscrupulous. The accounts at hand have most likely not been stolen through network-breach hacking or anything of the sort. Most likely the victims themselves were the unsuspecting targets of Phishing or malware attacks.
No organization, from the largest financial institution in the world, to a sandwich vender such as Subway, can prevent their customers’ credentials from getting compromised if their customers are not scrupulous themselves.
What are the key takeaways from all of this?
How to Prevent Identity Theft
Stick a fork into identity theft with this two-pronged approach.
- Consumer awareness is our best identity theft insurance. We must be aware of what thieves do with a stolen identity. We must learn how to prevent identity theft. We must remain on guard. And most of all, if we ever have an opportunity for catching identity thieves of the world, we really should make them pay dearly for all of those hoagie sandwiches.
- Organizations must be aware that fraudsters are going after their users’ credentials. They must proactively plan how to prevent identity theft from occurring while at the same time maintaining a seamless user-experience for customers.
Fraudsters are not only after our credit cards and online banking credentials. They covet our membership reward program credits, even ones associated with simple fast-food mobile app accounts. So that email you supposedly got from Subway… may have been a Phishing scam.
Keep your eye on your lunch.
Did you enjoy this post? If so, subscribe to get a weekly roundup from BlogDOG.