A fraud scheme where cybercriminals leverage the Telegram messaging platform to steal from restaurants and food delivery services was just identified by research and analysis from Sift’s Digital Trust and Safety Architects. The company discovered that bad actors are advertising their services on Telegram forums in order to purchase food and beverage orders at a reduced price, using stolen payment information on behalf of customers.
The advent of fraud marketplaces appearing on messaging apps comes as food and beverage delivery apps have seen notable increases in attempted payment fraud. In fact, according to data from the Sift global network of more than 34,000 apps and sites, fraud rates among restaurant apps and food delivery services increased 14 percent from Q3 to Q4 2020.
Payment fraud, as orchestrated by the bad actors using Telegram, can have devastating effects for merchants. When consumers notice their credit cards have been stolen and used for unapproved transactions, merchants not only must refund the consumer and lose the item, but also face hefty fines levied by their payment processors. When new and fruitful scams take hold like those leveraging messaging app forums, fraudsters quickly strike in order to steal from merchants before they are able to react and prevent these attacks.
Here's how it works:
- Professional fraudsters post in Telegram forums, such as “Fraud Market,” advertising their ability to illicitly buy food and beverage orders at heavily discounted rates, typically 60-75 percent off.
- Diners interested in taking advantage of this offer direct-message the professional fraudster along with a screenshot of their shopping cart from a food delivery service and their delivery address to place the order.
- The fraudster responds via direct message offering to buy the items in the shopping cart for a fraction of the actual cost.
- Once the fraudster accepts the order, the diner pays the fraudster using cryptocurrency, such as Bitcoin or Ethereum, via PayPal, Venmo, or Cash App.
- The fraudster then either creates a new account and uses stolen credit card details, or leverages a hacked account with stored value to pay for the meal and have it delivered to the diner.
The messaging app scheme takes advantage of the fraud supply chain to successfully compromise food and beverage delivery applications: experienced cybercriminals access Dark Web marketplaces to purchase payment information that is often stolen via data breaches. Then, using these stolen payment methods, fraudsters are able to market their services in Telegram forums.
Compounding the situation, and making this new fraud method more attractive, is the fact that the COVID-19 pandemic has forced many restaurants to close their dining rooms and quickly shift their operations online by leveraging application-based order and delivery services. Consumers have likewise responded, as the number of smartphone food delivery app users has increased from 36.4 million users in 2019 to 45.6 million users in 2020, according to Statista.
“The Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit crime. End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud,” said Brittany Allen, Trust and Safety Architect at Sift. “While merchants may not be able to prevent fraudsters from marketing their services in messaging apps, they can protect themselves at the point of attack by adopting a Digital Trust & Safety strategy, which prevents fraud while reducing friction for legitimate customers.”