Is DoorDash Safe?
During the pandemic, the demand for food delivery increased several fold because it is much more convenient and safer to order foods and just chill in the house. And the delivery can even be contactless. Therefore, it is not surprising that people increasingly use such a service.
Many delivery services have not only a website but also an application. For example, DoorDash is a popular food delivery service. However, their application collects quite a lot of data about its users. Evident violations by DoorDash’s data collection indicate that the application is not entirely secure. On the contrary, with the help of this app, scammers can carry out their attacks.
But is DoorDash safe to use?
You can read the previous article about app privacy here.
DoorDash data leak: details
Back in 2019, DoorDash published a message warning all users about possible online attacks. The reason for this was a data leak that happened a couple of days before. This case affected the data of about 5 million users, as well as sellers who sold their services on this platform.
The stolen data included:
- People’s names and personal numbers.
- Their addresses.
- Delivery data.
- Bank card data and passwords.
Find out how to choose the most private passwords in this article.
This large-scale leak cost millions of dollars to the owners of DoorDash, as well as thousands in damage to users. By the way, as a result of the hacking, about 100,000 driver’s license numbers of users of the application were revealed.
How did the leak actually affect users?
Despite the apparent danger of the incident for users, DoorDash insisted that the amount of stolen data was small. Furthermore, they claimed, the information that the scammers turned out to have acquired was not sufficient to conduct any fraudulent operation.
However, the stolen data of DoorDash users that was successfully sold out in the Darknet appeared in closed sources.
What is the Darknet? Find out more about the gray side of the internet.
One of the worst consequences of such sales can be fraudulent schemes in which your data is used to commit crimes. For example, an attack called credential filling may occur. The essence of the attack is that the confidential information of your account is used to access other accounts in social networks.
By the way, the price of such data in the Darknet starts from $5. It seems a small price tag to take such risks for. Perhaps it’s not just a matter of financial gain but also pumping up the skills of the scammers.
Is DoorDash safe? The main hacker schemes
Two types of hackers use your data in your DoorDash profile. The first, use it to order free food. The second use it for phishing campaigns, vishing, and other schemes. As a rule, such schemes are used to infect devices with various viruses and ransomware programs.
Learn more about different malware programs here.
To protect yourself, you need to know the main types of fraud in DoorDash.
1. DoorDash smishing scam
DoorDash reported that the leaked data only revealed the last 4 digits of users’ bank cards, as well as the last 4 digits of sellers’ account numbers.
But do not forget that other kinds of data were also revealed, such as phone numbers, addresses, and other data, which together can be the basis of a phishing/smishing attack.
Many users reported on the forums that hackers tried to contact them on behalf of DoorDash. As a rule, the message text looks order data, and the user must click a link to confirm the order.
There is nothing terribly suspicious about this because many delivery services do this. However, such schemes preys on users who did not order anything. They click on the link to cancel the order and instead get to a pharming website that collects their credit card information.
2. DoorDash email fraud
Another type of fraudulent scheme is using the promise of a discount on the next order. However, you should not believe such messages either.
One type of email fraud using a survey is gaining popularity. You receive an email with a request to complete the survey. In exchange, you are offered a discount for the next order on the DoorDash platform or any other company, such as Uber Eats.
After you click on the link and log in to your account, all your data will be saved by the scammers. The site they lead you to may look legitimate, but a hacker controls it.
3. DoorDash delivery fraud
A woman from Ohio reported a suspicious group of people who were near her house, one of whom approached her door wearing a DoorDash uniform. However, the woman had not ordered anything.
You might have thought that the courier simply got the wrong address and delivered the order to the wrong place. But the important thing here is that the courier was not alone.
The woman saw two more unknown men who were standing near her yard. They had something in their hands. Then one of them said to the other, “Hide, hide,” and “I have to cover you.” This, of course, prompted her to call 911.
This type of attack is made possible because the data leak included not only user data but also delivery addresses. Had this woman not noticed the other men lurking around, she may well have opened the door for the supposed DoorDash courier.
4. DoorDash fraud aimed at delivery service employees
Not only customers but also sellers can become a victim of scammers on the DoorDash platform. Numerous Dashers (DoorDash couriers) have reported that their DoorDash earnings were cheated.
For such a fraud scheme, a special tool is used to replace the number. The fraudster calls the Dasher, allegedly from the DoorDash number, and reports that someone is trying to gain access to their accounts. Then the caller will request a PIN code and login details to allegedly “confirm” his identity.
Only after some time, the deceived Dasher realizes that the money for some deliveries was stolen and transferred to the fraudster’s account.
5. DoorDash fraud aimed at merchants: cyber-shoplifting
The feature of chargebacks appeared just to protect consumers from fraudsters. After all, after data leakage and theft of bank cards, a scammer can make many unauthorized purchases. However, the consumer can cancel all orders by making only one call.
However, scammers have found a way to cheat the system here as well. They use chargebacks to their advantage. For example, they make purchases and make a chargeback after they have received free purchases.
How to protect yourself
Danger can lie in wait for us everywhere. Even a seemingly harmless service like DoorDash can cost you lost not only money but also time. Therefore, it is essential to beware of any dangerous situations that occur with such online platforms.
If your data has been compromised, you need to take immediate measures and protect yourself from fraudsters. In addition, always monitor your bank accounts and cards, check every payment, do not save data on the services. Use multi-factor authentication and enable SMS notifications about financial transactions.
More online security tips are here.