GrubHub users have been receiving fraudulent emails that emanate from a fraudulent email address, promising them a tenfold payment in return for a transfer of Bitcoin to a specified wallet. The email claimed to be a part of the ‘Holiday Crypto Promotion’ and comes from the legitimate ‘b.grubhub.com’ subdomain.
According to reports, the email address is the one GrubHub uses when it wants to communicate with its merchant partners and restaurants. “There are 30 minutes left in our Holiday Crypto Promotion. Grubhub will 10x any Bitcoin sent to this address […]. For example, if you send $1000, we’ll send back $10,000,” reads the fraudulent message. Some of the emails were delivered from ‘[email protected]’ and ‘[email protected].’ The emails have been making the rounds since December 24, and they include the names of the recipients.
Fake GrubHub promotional email promises users return on crypto
The scam is a fake crypto reward campaign being carried out by scammers, where they lure their victims to send funds to wallets under the control of the scammer, promising to send back a larger amount. This type of scam has been seen over the past few years since crypto became mainstream. For instance, scammers take to the comment section of popular figures to promise users more than two-fold returns when they send digital assets to a specified wallet.
With the messaging address appearing to take the shape of an original GrubHub email, some users have speculated that the scam messages might be due to a DNS takeover attack. This would allow the attacker to send emails that pass authenticity checks, although the company has yet to provide any in-depth details about the incident. In a statement, a company spokesperson mentioned that it is an isolated problem and they are working to prevent a future occurrence.
“We’re aware of unauthorized messages that appear to have been sent by Grubhub to some of our merchant partners. We immediately investigated, contained the issue, and are taking steps to ensure it doesn’t happen again,” Grubhub said. At the beginning of the year, the company announced that a hacker had been able to access a directory that contained names, email addresses, and phone numbers belonging to its customers, merchants, and drivers.
FBI issues warnings over increased crime during holidays
The company noted at the time that the intrusion was caused by an account used by a third-party to provide support services to GrubHub. Meanwhile, this incident is one of the few that the Federal Bureau of Investigation warned users about a few weeks ago. The federal agency mentioned that scammers would be looking for victims looking to take advantage of the holiday, in turn robbing them of their funds or digital assets. For instance, users looking for holiday discounts may fall into the trap of these bad actors.
In addition, the FBI mentioned that other scams include non-delivery scams, where users pay for an item, and they do not receive it, non-payment scams, where users ship goods before payment, and many others. The agency mentioned that users lost more than $785 million to non-payment and non-delivery scams in 2024, adding that credit card fraud accounted for another $199 million in losses to scammers.
The FBI says it receives large amounts of complaints in the early months of each year, suggesting that several users had been scammed by bad actors during the festive and holiday period. In view of this, the agency has urged users to refrain from clicking on any links, noting that scammers use phishing links to access people’s personal information. In some other cases, phishing links are used to trick users into using their crypto login on fake websites, which leads to theft.
Join Bybit now and claim a $50 bonus in minutes
Source: https://www.cryptopolitan.com/fake-grubhub-tenfold-return-cryptocurrency/
