“Do you like free food? Me too,” says the message on the app. “That’s why I’m offering 2 ways to earn free food.”
Or more specifically, new ways to rip off restaurants, delivery apps, and consumers.
There is an elaborate scheme whereby scammers use stolen personal information and payment details to sell heavily discounted restaurant meals delivered right to your door.
It reminds me of someone selling handbags from the trunk of a car. A designer purse can’t be that cheap, but some buyers don’t want to imagine that the guy on the corner making a quick buck with stolen or counterfeit goods.
Now there are Korean-style fried chicken or lobster tacos.
Many of us imagine scammers looking only for big rip-offs, such as B. Love scams that can lose tens of thousands of dollars, or tax scams that trick people into putting $1,000 or more on gift cards to pay back taxes.
But the scammers know how to play what’s popular in all sorts of ways, so even relatively small time trades can add up to big dollars in the scam economy.
Restaurant-related scams exploded as many people stayed at home during the pandemic and restaurants adopted the delivery model to limit indoor dining.
Who isn’t looking for a grocery deal?
“If you have to eat, you have to eat,” said Brittany Allen, trust and security architect for Sift, a fraud prevention company. She has worked on e-commerce marketplaces, including Etsy and Airbnb, for about a decade to prevent misuse of consumer data.
Many people who lost their jobs and faced financial challenges during the pandemic were looking for bargains. Some easily rationalized questionable pitches that suggested a way to basically get restaurant meals for free.
The proliferation of meal delivery services and restaurant apps is just another easy target for scammers engaging in account takeover attacks.
I first heard about this unusual scam when a friend at Free Press told me that she saw a $60 charge on her credit card for Bonchon Chicken on GrubHub. She found the charges odd because she hadn’t ordered GrubHub in a long time and rarely had groceries delivered.
She went to GrubHub and saw that someone in Philadelphia had used her account to place an order for bonchon chicken, which was subsequently cancelled. Yes, she called her credit card company and was issued a new number and card.
More:Survey scams offer free articles, hiding behind big names: The #1 red flag
More:Scammers are pretending there’s a problem with your Social Security benefits, number
Messaging apps like Telegram and Discord that reach out to people outside of your own circle of contacts are often used to promote some sketchy offers.
A TikTok video even shows how to get “free groceries” and how to scam delivery companies.
Some consumers discover the deals on social media sites like Facebook and Instagram, where scammers impersonate a big brand name and offer so-called local specials.
How the scam works
The scammer could advertise that they can place an order using a stolen Grubhub account. But the crooks want 20% of the total order value in order to provide this service.
The consumer shopping for the “offer” then orders $100 worth of groceries at a local restaurant and then pays the scammer, say, $20 in cryptocurrency.
The discounter that orders the kung pao chicken dumplings or steak and cheese sandwiches at a great price is paying a fraction of the value of the food ordered.
The scammer then orders the food and pays $100 to Grubhub using the credit card on file with the stolen account.
The scammer will often use another consumer’s credit card stored in a grocery delivery app — information the crooks have on hand — to make the purchase and ring that card to cover the rest of the cost on your meager budget , ok, let’s steal it, meal.
Some consumers might eat cheap in Philadelphia while someone in Detroit uses a credit card to cover most of the bill.
Or the crooks might be able to use your accumulated loyalty points or account balance, Allen said.
“It’s becoming a scam as a service attack,” she said.
What some delivery services and restaurants warn about
Grubhub said it’s vigilant in trying to prevent unauthorized activity and has safeguards in place, such as: B. Securely encrypting credit and debit card information with a third-party payment processor.
“Unfortunately, there will always be people trying to use technology in fraudulent ways,” said a Grubhub spokesman.
Guests are encouraged to contact the delivery app and their bank immediately if they notice any suspicious charges.
“For convenience, we also encourage guests to monitor their account and use a password unique to Grubhub and change it regularly.”
Another twist on food delivery scams: Fake websites mirror a local restaurant. The consumer orders food and pays by credit card. But the food may never arrive. Or a supplier comes to pick up an order that may not show up in the system, but the restaurant still fulfills the order — only to find out that the order wasn’t real and they don’t get paid.
The Better Business Bureau has warned about such fake restaurant sites that may only be designed to steal your credit card information and never deliver groceries. If you suspect you’ve entered your credit card information on a fraudulent website, the BBB suggests you cancel your card immediately and request a new one. The crooks know how to fake delivery services and restaurants. Watch out for unusual URLs before placing an order.
Sometimes guests enjoy cheating
In some cases, consumers willingly participate in a scam that saves them money.
A local restaurant told me there have been instances where someone claimed to be at the restaurant to pick up an online order – but the restaurant knows it’s a scam because they don’t take online orders.
“You can honestly search for the word ‘scam’ or ‘free food,'” Allen said.
In many cases, “those guests are fully aware that anything they attend involves fraud,” Allen said. “You’re not in the dark about this.”
Private messaging apps like Telegram and other messaging apps, she said, offer scammers ways to target a broader audience that is interested in scams but may not be as tech-savvy to navigate the dark web.
Scammers may even offer “free food” if you refer a group of friends.
“Honestly, once a guest who wants to receive that meal goes to one of those Telegram groups, all they have to do is make a payment via a cryptocurrency. scammers are smart; they know that credit card transactions can be reversed or disputed. They don’t want to deal with that,” Allen said.
“You get paid in Bitcoin or Ethereum.”
However, for the scam to work, scammers begin by obtaining information about major data breaches, where hackers can obtain names, addresses, and email addresses, and potentially financial information such as credit card and debit card numbers.
According to Allen, scammers take advantage of the fact that around 70% of consumers use the same password on different websites. Once they have your password for one entity, they can use the same for another.
The scammers obtain broken credentials from a platform and test them with websites, she said, including restaurant sites or delivery apps they want to target.
Scammers adapt to circumvent security measures that restaurants try to implement.
In early March, Allen spotted a scammer posting how to circumvent a restaurant’s efforts to block delivery from certain addresses that have been repeatedly fraudulent.
The scammer suggested that their customers provide an address two or three houses away from where they live, and then the guest can go down the street to that location to pick up the food delivery in order to continue receiving service.
“They basically wanted to burn the addresses of completely innocent neighbors,” she said.
How do you know if your account was used to buy someone a round of burgers?
Signs include a password change, an alert on a phone, or an unusual charge on a credit or debit card.
Consumers should be careful not to use the same passwords. Create unique passwords for a variety of apps and services.
Also, set up alerts for purchases made on your credit card, which can help you act quickly before further charges are made. You can have the card issuer change the number if you know your card has been compromised.