How to avoid being scammed by food ordering apps

Mobile delivery apps have become more popular than ever during the pandemic. But it didn’t take long for cybercriminals to capitalize on America’s changing eating habits during the shutdown.

Brittany Allan, security engineer at fraud prevention platform Sift, calls grocery app hacks “account takeover attacks,” or just “ATOs.”

“They’re targeting delivery apps like Grubhub and Seamless. They’re also targeting your favorite fast food restaurants,” says Allan.

The next thing you know, your account is locked out, or your hard-earned rewards are gone and affairs are taking place.

According to Sift, “ATO” attacks have jumped a staggering 307% in the past year. And this is what the fall looked like for the victims:

45% of consumers have had their money stolen;

42% had an unauthorized purchase on a stored credit card;

26% lost loyalty credits and rewards.

Here are some ways you can protect your account:

– Start by creating a unique password;

– Make sure you use a different one for each app – because if a hacker learns your password for one site, they’ll try it on all the others until they get in;

– Also watch out for strange email notifications or not being able to log into your account. If this happens, contact your dealer immediately.

Uber:

We take the security of user accounts very seriously, and if users believe their account has been compromised, we encourage them to report it to us so we can investigate and take action.

Users should follow some very clear basic tips to avoid falling prey to scams. There’s a blog with five tips to keep your Uber account safe and includes the following tip:

– Uber would never call or text or ask someone to provide their personal information (phone number, email address, password, SSN, credit card or two-factor verification code).

If a user believes their account has been hacked, they can report the issue to our team for investigation at help.uber.com or through the Uber app.

GRUBHUB:

We take precautions to prevent unauthorized activity and use safeguards to monitor and protect against fraudulent activity, such as securely encrypting credit and debit card information using a third-party payment processor. But unfortunately, there will always be people who try to use technology in a fraudulent way. Diners are encouraged to contact us and their bank immediately if they notice any suspicious charges or unauthorized account activity.

As a practical matter, we also recommend that diners monitor their accounts and use a unique Grubhub password and change it regularly.

DOORDASH:

A spokesperson for DoorDash said:

DoorDash takes the safety of our community extremely seriously. We’re constantly improving our defenses to prevent bad actors and help keep our community safe. We strongly remind all consumers to keep their DoorDash account and personal information secure at all times. The most important thing to remember is to have a strong, unique password and never share it with anyone. If you receive a password or security code request, please do not share it and contact DoorDash immediately.