BleepingComputer reports that malicious emails purporting to be from U.S. online food delivery service GrubHub have been luring its users to send Bitcoin to a provided wallet address in exchange for a tenfold increase in payout as part of a supposed "Holiday Crypto Promotion" promo since Christmas Eve.
Attackers leveraged the "[email protected][.]com" and "[email protected][.]com" email addresses to distribute the phishing messages that warned of a 30-minute deadline before eligibility for the promo ends. While the delivery of such messages is believed to have been caused by a DNS takeover intrusion, GrubHub has yet to provide specifics as it noted an ongoing probe into the incident.
"We're aware of unauthorized messages that appear to have been sent by Grubhub to some of our merchant partners. We immediately investigated, contained the issue, and are taking steps to ensure it doesn't happen again," said GrubHub.
Such a development comes after GrubHub disclosed having data from its customers, merchants, and drivers compromised as a result of a third-party breach earlier this year.
Attackers leveraged the "[email protected][.]com" and "[email protected][.]com" email addresses to distribute the phishing messages that warned of a 30-minute deadline before eligibility for the promo ends. While the delivery of such messages is believed to have been caused by a DNS takeover intrusion, GrubHub has yet to provide specifics as it noted an ongoing probe into the incident.
"We're aware of unauthorized messages that appear to have been sent by Grubhub to some of our merchant partners. We immediately investigated, contained the issue, and are taking steps to ensure it doesn't happen again," said GrubHub.
Such a development comes after GrubHub disclosed having data from its customers, merchants, and drivers compromised as a result of a third-party breach earlier this year.




