Some Grubhub users have received a tempting email offer from the food delivery service: Send $1,000 in bitcoin to a specified wallet, and get 10 times that amount back. Unfortunately, this is very much a scam.

As BleepingComputer reports, these promo emails were sent from addresses on b.grubhub.com, a legitimate Grubhub subdomain, so they appear verified in recipients’ inboxes. Two examples of senders include merry-christmast@b.grubhub.com and crypto-promotion@b.grubhub.com.

Beyond that, there are some pretty clear red flags. The subject line reads “30 minutes left – We’ll 10x your Bitcoin!” to promote a sense of urgency and an offer too good to be true (but also too good to ignore). The body includes the recipient’s name and instructions on how to participate in Grubhub’s “Holiday Crypto Promotion” with a bitcoin wallet address.

While Grubhub has acknowledged the problem, they haven’t released any details as to what facilitated attackers sending emails using a company address. The company did suffer a major security breach earlier this year, resulting in the leak of some user data (including names and email addresses).

There are several varieties of the crypto reward scam

The Grubhub email promotion is a pretty typical example of a cryptocurrency scam. The Federal Trade Commission outlines several variants, including get-rich-quick schemes guaranteeing big returns on your investment and celebrity-promoted “giveaways” that claim to multiply any funds you send.

If you fall for crypto fraud, there’s no way to track or get your money back, and even if victims are few and far between, scammers can score big paydays. That’s why you should be especially wary of anything and everything requiring a crypto transaction, especially if the offer sounds urgent or provokes a sense of either excitement or fear. And remember that no legitimate organization—government agency, law enforcement official, utility company, or prize promoter—will ever ask for payments in cryptocurrency.