Mobile delivery apps became more popular than ever during the pandemic. But it didn't take long for cyber criminals to capitalize on America's changing food habits during lockdown.
Brittany Allen, a safety architect with the fraud prevention platform Sift, refers to the food app hacks as "account takeover attacks," or just "ATOs."
"They will target delivery apps like Grubhub and Seamless. They will also target your favorite fast food restaurants," Allen says.
Next thing you know, you're locked out of your account, or your hard-earned rewards disappear, and cases are going through the roof.
According to Sift, "ATO" attacks soared a staggering 307% over the past year. And this is what the fallout looked like for the victims:
45% of consumers had their money stolen;
42% had unauthorized purchases on a stored credit card;
26% lost loyalty credits and rewards.
Here are some ways you can protect your account:
- Start with creating a unique password;
- Be sure you use a different one for each app - because once a hacker has your password for one site, they'll try it on all the others until they get in;
- Also be on the lookout for strange email notifications or the inability to log into your account. If that happens, contact the merchant right away.
The
New 12's
Turn To Tara team reached out to Uber Eats, Grubhub and DoorDash to ask what they are doing to prevent more attacks, below are their statements:
UBER:
We take the security of users' accounts very seriously, and if users believe that their account has been compromised, we encourage them to report it to us so we can investigate and take action.
Users should follow some very clear, basic tips to avoid falling victim to scams. There is a blog on five tips for protecting your Uber account that includes the below tip:
- Uber would never call or text and ask someone to give out their personal information (phone number, email address, password, SSN, credit card, or two-factor verification code).
If a user believes their account has been compromised, they can report the issue to our team to investigate at help.uber.com or through the Uber App.
GRUBHUB:
We're vigilant to prevent unauthorized activity, and we have safeguards in place to monitor and protect against deceptive activity, such as securely encrypting credit and debit card information using a third-party payment processor. But unfortunately, there will always be people who try to use technology fraudulently. We encourage diners to contact us and their bank immediately if they notice suspicious charges or unauthorized account activity.
As a matter of practice, we also recommend that diners monitor their account and use a password that is unique to Grubhub and change it regularly.
DOORDASH:
A DoorDash spokesperson said:
DoorDash takes the safety and security of our community extremely seriously. We are constantly improving our defenses to try to stay ahead of bad actors and help keep our community safe. We strongly remind all consumers to always keep their DoorDash account and personal information secure. The most important things to remember are to have a strong, unique password and never share it with anyone. If you receive a request for a password or security code, please do not share it and contact DoorDash immediately.
Got a problem? You should Turn to Tara.
HERE'S HOW.