Scammers have sent fraudulent emails to Grubhub users promising a tenfold return on any Bitcoin sent to a specified wallet. The messages, part of a fake "Holiday Crypto Promotion," were sent from the legitimate b.grubhub.com subdomain, which the company uses for official communication with its merchant partners. This allowed the emails to appear authentic, increasing the likelihood that recipients would fall for the classic multiplication scam.
The emails, sent from addresses like merry-christmast@b.grubhub.com, included the recipient's name and claimed the offer would expire in 30 minutes. While some speculated a DNS takeover might have enabled the attack, Grubhub has not confirmed the exact cause. The company stated it is aware of the unauthorized messages, has contained the issue, and is taking steps to prevent a recurrence.
This incident follows a data breach earlier in the year where a threat actor accessed customer and partner information through a third-party support account. The use of a legitimate company subdomain for this scam highlights a significant security concern and underscores the need for vigilance against too-good-to-be-true financial offers, even when they appear to come from trusted sources.
Read more...