Get Rich Quick: Cryptocurrency Investment Opportunity with Fake GrubHub Emails

Fake Grubhub Emails Promise Tenfold Return on Sent Cryptocurrency

Recently, Grubhub users have fallen victim to fraudulent messages that appeared to come from a legitimate company email address. These messages promised a remarkable tenfold return on bitcoin transfers to a specified wallet.

The emails, disguised as part of a ‘Holiday Crypto Promotion,’ originated from an email address on ‘b.grubhub.com,’ a subdomain commonly used by Grubhub to communicate with its merchant partners and restaurants.

The deceptive message stated, “There are 30 minutes left in our Holiday Crypto Promotion. Grubhub will 10x any Bitcoin sent to this address […]. For example, if you send $1000, we’ll send back $10,000.”

Some of these fraudulent emails were sent from addresses like ‘merry-christmast@b.grubhub.com’ and ‘crypto-promotion@b.grubhub.com,’ beginning on December 24 and even personalized with the recipient’s name.

This scam follows a common pattern where victims are enticed to send funds to scammers under the false promise of receiving a larger sum in return.

While speculation exists about a possible DNS takeover attack allowing the authenticity of these emails, Grubhub has not disclosed specific details about the incident.

However, a Grubhub spokesperson assured BleepingComputer that they swiftly addressed the issue and are implementing measures to prevent its recurrence.

Earlier this year, the food delivery giant disclosed a security breach where a threat actor gained unauthorized access to customer, merchant, and driver information like names, email addresses, and phone numbers. This breach stemmed from a third-party support account linked to Grubhub.