Sift, a provider of Digital Trust & Safety, has announced that it has identified a fraud scheme where cybercriminals leverage the Telegram messaging platform to steal from restaurants and food delivery services. Research and analysis from Sift’s Digital Trust and Safety Architects found that bad actors are advertising their services on Telegram forums in order to purchase food and beverage orders at a reduced price, using stolen payment information on behalf of customers.
How it Works:
- Professional fraudsters post in Telegram forums, such as “Fraud Market,” advertising their ability to illicitly buy food and beverage orders at heavily discounted rates, typically 60-75% off.
- Diners interested in taking advantage of this offer direct-message the professional fraudster along with a screenshot of their shopping cart from a food delivery service and their delivery address to place the order.
- The fraudster responds via direct message offering to buy the items in the shopping cart for a fraction of the actual cost.
- Once the fraudster accepts the order, the diner pays the fraudster using cryptocurrency, such as Bitcoin or Ethereum, via PayPal, Venmo, or Cash App.
- The fraudster then either creates a new account and uses stolen credit card details, or leverages a hacked account with stored value to pay for the meal and have it delivered to the diner.
Rising fraud among restaurant and delivery services
The advent of fraud marketplaces appearing on messaging apps comes as food and beverage delivery apps have seen notable increases in attempted payment fraud. In fact, according to data from the Sift global network of more than 34,000 apps and sites, fraud rates among restaurant apps and food delivery services increased 14% from Q3 to Q4 2020.
Payment fraud, as orchestrated by the bad actors using Telegram, can have devastating effects for merchants. When consumers notice their credit cards have been stolen and used for unapproved transactions, merchants not only must refund the consumer and lose the item, but also face hefty fines levied by their payment processors. When new and fruitful scams take hold like those leveraging messaging app forums, fraudsters quickly strike in order to steal from merchants before they are able to react and prevent these attacks.
Leveraging the Fraud Supply Chain
The messaging app scheme takes advantage of the fraud supply chain to successfully compromise food and beverage delivery applications: experienced cybercriminals access Dark Web marketplaces to purchase payment information that is often stolen via data breaches. Then, using these stolen payment methods, fraudsters are able to market their services in Telegram forums. Compounding the situation, and making this new fraud method more attractive, is the fact that the COVID-19 pandemic has forced many restaurants to close their dining rooms and quickly shift their operations online by leveraging application-based order and delivery services. Consumers have likewise responded, as the number of smartphone food delivery app users has increased from 36.4 million users in 2019 to 45.6 million users in 2020, according to Statista.
“The Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit crime. End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud,” said Brittany Allen, Trust and Safety Architect at Sift. “While merchants may not be able to prevent fraudsters from marketing their services in messaging apps, they can protect themselves at the point of attack by adopting a Digital Trust & Safety strategy, which prevents fraud while reducing friction for legitimate customers.”
Lockdown Fraud Methods
Food and delivery fraud isn’t the only type of scam that has seen a rise at the moment, with romance fraud – scamming someone out of money by pretending to be in a relationship – has seen a surge during the pandemic due to the increase in online dating. A new report from the Financial Trade Commission has found romance fraud is at an all-time high, losses to scams in 2020 reached a record $304 million, up about 50% from 2019.
According to the FBI’s Internet Crime Complaint Center (IC3), 560 victims in Arizona alone reported losses of more than $12 million in connection with confidence fraud/romance scams in 2020. Law enforcement all over the globe are warning people to be extra vigilant this Valentine’s Day, as these scammers prey on those looking for love on online dating sites and apps.
Romance scams usually work by fraudsters convincing their victims that they are in a relationship over the internet, usually without having met them in person. Once trust is built the scammers will then ask for money, usually for something urgent like a medical bill or crucial travel for example. These fraudsters will often prey on the elderly and vulnerable, with one elderly widow in Oregon losing $200,000 to such a scam.
Pauline Smith, head of Action Fraud, said to BBC News.“The lockdowns, and other restrictions on our social lives, implemented because of the coronavirus outbreak, have meant more people have been seeking companionship online and this has undoubtedly affected the number of reports we have seen.”