What happened
A Grubhub email crypto scam saw fraudulent emails posing as company communications promising recipients a “Holiday Crypto Promotion” that would return ten times any Bitcoin sent to a listed wallet address. The messages appeared to come from a legitimate Grubhub subdomain and even included recipient names, but the offer was fake and designed to trick people into sending cryptocurrency to scammers. 
Who is affected
Grubhub users and merchant partners who received these deceptive emails were targeted. Some victims received messages from seemingly trusted addresses, increasing the likelihood of engagement. 
Why CISOs should care
This incident highlights how attackers exploit trusted brands and legitimate infrastructure to craft convincing phishing campaigns. Even well‑known companies can have their communication channels abused to distribute fraudulent content, posing financial and reputational risk. CISOs must anticipate brand impersonation and be ready to defend against increasingly sophisticated social engineering tactics. 
3 practical actions:
- Enhance email authentication: Ensure SPF, DKIM, and DMARC policies are properly enforced to reduce phishing from spoofed or compromised domains.
- Monitor brand channels: Actively monitor corporate subdomains and vendor integrations for unauthorized use or unusual activity.
- Educate users: Regularly train employees and external partners on spotting phishing lures, especially scams promising financial rewards, and encourage reporting suspicious messages before action is taken.
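As an added example that is not part of the original brief, the following Python script shows what "properly enforced" means for the first action in concrete terms: it parses SPF and DMARC TXT records and flags settings that still let spoofed mail through (a soft-fail `~all`, a DMARC `p=none` that only monitors, a missing subdomain policy, or no aggregate reporting address). The domain names and records are constructed samples, and `txt_lookup` is a hypothetical callback so the check runs offline; in production you would point it at a real resolver (for example dnspython's `dns.resolver.resolve(name, "TXT")`).

```python
"""Check SPF and DMARC records for enforcement strength (offline example).

Added example, not Grubhub's code. Every record below is a constructed sample
for placeholder domains, not real DNS data.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed TXT records keyed by the DNS name they would be served at.
# The root domain shows the weak settings; the "promo" subdomain shows the
# corrected ones a brand would want before sending promotional mail.
SAMPLE_TXT_RECORDS: Dict[str, List[str]] = {
    "example-brand.test": ["v=spf1 include:_spf.mailvendor.test ~all"],
    "_dmarc.example-brand.test": [
        "v=DMARC1; p=none; rua=mailto:dmarc@example-brand.test"
    ],
    "promo.example-brand.test": ["v=spf1 include:_spf.mailvendor.test -all"],
    "_dmarc.promo.example-brand.test": [
        "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
        "rua=mailto:dmarc@example-brand.test"
    ],
}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into lower-cased tag/value pairs."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record: str) -> Optional[str]:
    """Return the qualifier on the SPF 'all' mechanism.

    '-' = fail, '~' = soft fail, '?' = neutral, '+' = pass (also the default
    when no qualifier is written). None means the record has no 'all' term.
    """
    for term in record.split():
        if term.lstrip("+-~?").lower() == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None


@dataclass
class Finding:
    domain: str
    issues: List[str] = field(default_factory=list)

    @property
    def enforced(self) -> bool:
        """True only when no weakness was recorded for the domain."""
        return not self.issues


def assess_domain(domain: str, txt_lookup: Callable[[str], List[str]]) -> Finding:
    """Evaluate one domain's SPF and DMARC posture using the supplied TXT lookup."""
    finding = Finding(domain)

    spf = [r for r in txt_lookup(domain) if r.lower().startswith("v=spf1")]
    if not spf:
        finding.issues.append("no SPF record")
    else:
        qualifier = spf_all_qualifier(spf[0])
        if qualifier != "-":
            finding.issues.append(
                f"SPF 'all' qualifier is '{qualifier}' (expected '-all')"
            )

    dmarc = [r for r in txt_lookup("_dmarc." + domain)
             if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        finding.issues.append("no DMARC record")
    else:
        tags = parse_dmarc(dmarc[0])
        policy = tags.get("p", "none").lower()
        if policy != "reject":
            finding.issues.append(f"DMARC p={policy} (expected reject)")
        # Per DMARC, 'sp' defaults to 'p' when absent, so an unset sp inherits
        # whatever weakness the organisational policy has.
        if tags.get("sp", policy).lower() != "reject":
            finding.issues.append("DMARC subdomain policy is not reject")
        if "rua" not in tags:
            finding.issues.append("no rua= aggregate reporting address")
    return finding


def sample_lookup(name: str) -> List[str]:
    """Offline stand-in for a DNS TXT query, backed by the constructed records."""
    return SAMPLE_TXT_RECORDS.get(name, [])


if __name__ == "__main__":
    for dom in ("example-brand.test", "promo.example-brand.test"):
        result = assess_domain(dom, sample_lookup)
        status = "ENFORCED" if result.enforced else "WEAK"
        print(f"{dom}: {status}")
        for issue in result.issues:
            print(f"  - {issue}")
```

Run against the constructed records, the root domain is reported as weak on three counts (soft-fail SPF, `p=none`, and the inherited subdomain policy) while the promo subdomain passes; running the same check on every subdomain a brand sends from is the practical way to catch the gap that lets a "promotion" lure appear to come from a legitimate subdomain.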
