The demand for food delivery services like DoorDash has surged. Apps offering meals delivered straight to your door are convenient and give you a great selection. But considering how much sensitive data these apps collect from users, how safe are they? A DoorDash data breach highlights how much personal information is stored by these services, so what scams do you need to look out for, and how to avoid falling the victim of the DoorDash text messages? You can find out the answers in this article.
DoorDash Data Leak
In a 2019 blog post, DoorDash warned users of a data leak that happened on May 4, 2019. The breach affected approximately 4.9 million consumers, Dashers, and merchants who joined the platform on or before April 5, 2018. Among the sensitive data accessed by the “unauthorized third party” were people’s names, email addresses, delivery addresses, order history, phone numbers, plus hashed and salted passwords. The leak also compromised some customers’ credit card details and digits associated with the account numbers of some merchants. Approximately 100,000 Dashers’ driver’s license numbers were further exposed by the breach.
Multiple DoorDash Scams You Should Know About
While amateur hackers use these accounts just to order free food, some use the information in these accounts for targeted phishing campaigns, vishing, and smishing. These phishing campaigns are used to infiltrate a system or infect devices and networks with ransomware.
Here are some typical Doordash scams you need to watch out for.
DoorDash Smishing Scams
DoorDash says that the leak exposed only the last four digits of consumer payment cards, and the last four digits of account numbers for merchant and Dasher accounts. But since it exposed many other sensitive data like phone numbers and addresses, users should watch out for scams meant to collect their full financial account details.
Some users in forums have reported receiving smishing texts from hackers pretending to be from DoorDash. The message details of a food order you supposedly placed, with a link that claims should help you verify your account information.
You may also be told to confirm this delivery so if you didn’t order anything through the app, you’d be compelled to click the link to cancel it. The link will lead to a pharming site that will collect your credit card information.
DoorDash Email Survey Scam
Nothing is quite as luring for customers of delivery services as the promise of a huge discount on future orders. Beware of phishing emails with this kind of MO. The email survey scam will ask you to answer a survey and in exchange for your time, they’ll promise a discount to be applied to your next DoorDash order. Offers for another delivery service like UberEats might be included too. You’ll be asked to log into your account.
Except this isn’t really from the food delivery company. The site they lead you to might look legitimate, but this one’s controlled by a hacker. Any information you enter will be harvested.
DoorDash Scams Targeting Delivery Workers
Even people trying to make an honest buck through the gig economy are being targeted by scammers. Numerous Dashers have reported getting scammed out of their DoorDash earnings.
Scammers use a phone cloaking tool to make their number appear like that from DoorDash. They then inform the Dasher of another device trying to access their accounts. The caller will then ask for the PIN and login information to supposedly “verify” his identity.
In a few days, the Dasher will realize that he or she didn’t get paid for all the deliveries. The hacker has managed to change the banking details in the DoorDash account, so the Dasher’s earnings were deposited into the fraudster’s account instead.
How to Identify a Fake DoorDash Text Message: 5 Telltale Signs
As seen above, spam texts can take many forms. That said, it can still be tricky to sniff one out, especially as hackers grow more sophisticated with their scams. Here are a few key signs to keep in mind that can help you spot a spam text or smishing scam:
- The message has no relevance to you: The message seems completely out of the blue and isn’t connected to an activity you’ve recently undertaken.
- The message conveys a sense of urgency: The message is urging you to act quickly to avoid some type of penalty.
- The message is from an unfamiliar phone number: The message is from a phone number you don’t recognize or a phone number with five to six digits instead of 10.
- The message contains misspellings and poor grammar: The message is written with poor grammar, misspelled words or generally awkward use of language.
- The message has a suspicious link: The message contains a suspicious link, often shown as a “bit.ly” link (bit.ly/yourprize001).
How to Avoid DoorDash Text Message Scams
There are a few steps you can take to reduce the chances of falling victim to the DoorDash text message scam:
- Opt-out of text marketing communications for companies and retailers you shop with.
- Use the second phone number app (like Dingtone) to protect your private phone number.
- Never respond to unsolicited texts (not even by using “STOP” to opt-out).
- Never click on links in a text from an unknown or suspicious sender.
- Never share any personal or financial information with an unknown sender.
- Be cautious about where you share your cell phone number or other personal information, especially in response to pop-up ads or free trial offers.
- Regularly update your phone’s security settings when prompted.
- Filter out potential spam texts from unknown senders (instructions below):
- iPhone: Tap Settings > Messages, then scroll down to Message Filtering > tap Unknown & Spam
- Android: In Messages, tap the three-dot icon > Settings > Spam protection