Is nowhere safe from cybercrime?
Of all the places one might expect to be safe from the scourge of hackers, Subway, is quite high on my list. The only fraud I thought occurred in stripmall sandwich shops were the pepperoncinis.
But I was wrong.
Shahin Abdollahi, a California man, pled guilty to exploiting point-of-sale systems he and a partner had sold to Subway franchises.
Here's how the hustle worked: On one end of it, they ran a business called the POS Doctor—not a gastrointestinal clinic—that dealt in point-of-sale systems. They talked various Subway franchisees in Franklin, Massachusetts, Sundance, Wyoming, and Lakewood, California into purchasing these POSs. Because businesses need cash registers, I guess, and someone has to sell you one.
But along with the working POS, they bundled in a remote access program—one that's commercially available, LogMeIn. That's pretty standard because of course it makes sense to connect your cash register to the Internet, but the catch was that Abdhollahi kept the virtual keys to the till. So after some unsuspecting 17-year-old would close up the shop, he would switch on the cash register in the wee hours of the night and load up gift cards with a bunch of money.