Diners Devour Made-to-Order Fraud

Restaurants and food delivery services are being ripped off by a new made-to-order fraud scheme taking place on the messaging app Telegram.

Research and analysis from Sift’s Digital Trust and Safety Architects found that bad actors are advertising heavily discounted food and beverage delivery services on the app's forums. After receiving an order, the cyber-criminals pay with stolen credentials obtained from data breaches and cyber-attacks or leverage a hacked account with stored value to pay for the meal. 

Fraudsters were found advertising their ability to buy food and drinks at discounted rates ranging from 60% to 75%. Diners looking for a cheap meal add their items to an online shopping cart on a restaurant or delivery app, then send the fraudster a screenshot of their order and the delivery address in a Telegram direct message.

Using stolen financial data, the fraudster buys the items in the cart and sends a verification screenshot back to the diner via Telegram. The diner then pays the fraudster for the order using cryptocurrency, such as Bitcoin or Ethereum, via PayPal, Venmo, or Cash App.

The diner gets a discounted meal, the fraudster makes a profit, and the restaurant or food delivery service used to make the purchase is left footing the bill.

"Payment fraud, as orchestrated by the bad actors using Telegram, can have devastating effects for merchants," said Sift researchers.

"When consumers notice their credit cards have been stolen and used for unapproved transactions, merchants not only must refund the consumer and lose the item, but also face hefty fines levied by their payment processors."

According to data from the Sift global network of more than 34,000 apps and sites, fraud rates among restaurant apps and food delivery services increased 14% from Q3 to Q4 2020.

“The Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit crime. End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud,” said Brittany Allen, trust and safety architect at Sift.
