Messaging app Telegram is at the heart of a new fraud scheme that allows criminals to steal from restaurants and delivery services.
The scam sees fraudsters take to Telegram forums and offer their services to buy heavily discounted food and drink. Interested buyers will send the scammer a cryptocurrency payment along with their order.
Then, the criminal uses stolen payment information or a hacked account to buy the food and have it delivered to the customer.
Once victims discover the fraud and have the charges dropped, the merchants are responsible for refunding the consumer. As such, they lose the goods that have already been supplied along with the payment, and can have fines from their payment processors.
The relative speed at which orders are processed and delivered means that it can be difficult to spot and stop the fraud in time, making food deliveries a vulnerable target for this type of scam.
The new scheme was uncovered by cybersecurity specialists Sift and its Digital Trust and Safety Architects.
DIGIT’S 2021 #virtualevents calendar:
📅 #MarTech Summit https://t.co/JkViHnOzbF Wed 24 Feb
📅 ScotSecure #CyberSecurity Summit https://t.co/JaD886wGh9 24/ 25 Mar
📅 #DigitalEnergy Summit https://t.co/thGSfrBqlM 22 Apr
📅 DIGIT #Leader Summit https://t.co/alC1xjRvtW 26 May pic.twitter.com/XXGqh5Braw
— DIGIT (@digitfyi) January 18, 2021
“The Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit crime. End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud,” said Trust and Safety Architect at Sift Brittany Allen.
“While merchants may not be able to prevent fraudsters from marketing their services in messaging apps, they can protect themselves at the point of attack by adopting a Digital Trust & Safety strategy, which prevents fraud while reducing friction for legitimate customers.”
The company warned that data from its global network of over 34,000 apps and sites showed that fraud rates among restaurant apps and food delivery services grew 14% from the third to the fourth quarter of 2020.
Food delivery apps such as Deliveroo and Uber Eats have seen a boom in demand thanks to the coronavirus pandemic. According to Statista, the number of users for smartphone food delivery apps has grown from 36.4 million users in 2019 to 45.6 million users in 2020.
- Leader Insights | Jude McCorry, chief executive, Scottish Business Resilience Centre
- New Scotland’s Census website to improve public data access
- Scottish schoolgirls showcase skills in national cybersecurity competition
With people largely confined to their homes, food and grocery deliveries have increased, with delivery platforms reaping the benefits. For example, Deliveroo managed to reverse years of losses and make a profit in 2020.
However, there are concerns that the increased revenues are coming at the expense of the restaurants that provide the food. With many establishments losing out on months of trades, the roughly 30% commission being taken by the delivery apps is eating up their profits.
As such, the new scam is putting additional pressure on small businesses a time when they are already struggling.