Food delivery apps have taken off during the pandemic, and it looks like fraudsters have taken notice.
Fraud detection company Sift said Thursday it has seen a rash of scams within the chat app Telegram that target restaurants and delivery apps for theft.
It’s a low-level grift that goes like this:
The fraudsters advertise in Telegram forums that they can illicitly buy food orders at steep discounts, around 60%-75% off. Diners send a direct message with a screen shot of their food app shopping cart and delivery address.
The diner then pays the fraudster for the discounted meal in cryptocurrency, and the fraudster in turn covers the full cost through a new account, stolen credit card information or a hacked account.
Diners get their food at a discount, restaurants are stuck with bogus payments, and the crooks get away with a profit. And all of it happens in a chat app that requires no particular cybercrime skill to access.
“The Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit crime,” said Brittany Allen, trust and safety architect at Sift. “End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud.”
Fraudsters advertised their services heavily on Super Bowl Sunday in particular, the company said.
Sift said it also saw a 14% increase in payment fraud afflicting restaurants and food delivery apps from the third quarter to the fourth quarter of 2020.
The scheme that Sift uncovered isn’t the first to exploit the newfound popularity of food delivery apps.
“We’ve learned that fraudsters visit food delivery websites to test out credit card details they bought on the dark web — manually or using bots — before trying them out on more high-stakes goods,” Riskified wrote in August. “In this practice, scoring a meal is simply a bonus on the way to more lucrative fraud.”