Criminals may be targeting your food ordering apps – NBC Boston

Mobile food apps make ordering easy, and you can collect enough reward points to get some free bites along the way.

But criminals are coming after them at an increasing rate.

“I never thought someone would hack my food accounts,” said NBC10 Boston executive producer Courtney Seymour.

She recently received a notice from Chipotle.

“Chipotle actually emailed me and said your email has changed, if it wasn’t you let us know,” she said. “And it wasn’t me, I was at the nail salon.”

Seymour said she was banned from her account.

“It’s a very vulnerable feeling when you can’t log into your account and you know your personal information is there. Your address for all that,” she said.

It’s called an account takeover attack, and according to fraud prevention platform Sift, which works with companies like DoorDash and McDonald’s, these crimes have increased by more than 300% during the pandemic.

“With fraudsters stuck at home but still needing to eat lunch and dinner, it just occasionally went through the roof,” said Brittany Allen, a trust and security architect for Sift. “And it keeps going because scammers have found that it’s a successful business for them and they’re actually able to make money using these accounts and be able to send food out to anyone who’s willing to pay them some Bitcoin or Ethereum.”

She said scammers advertise discounted meals on the deep web and are sometimes even brazen enough to do so on social media. And tough economic times have meant that more people who need to put dinner on the table are willing to bite the bullet.

“They will also post pictures where others or people who have received the food will brag about getting this food for basically no money or even free in some cases,” Allen said. “We’ve seen rooms full of pizza, we’ve seen tables piled high with fried chicken or Chinese takeout, whole boxes of doughnuts, pretty much whatever people want, it’s all open and fair game.”

According to Sift’s data, of the consumers who suffered an account takeover attack, 45% had money stolen, 42% had unauthorized purchases on a stored credit card and 26% lost loyalty credits and rewards.

Chipotle said in a statement: The privacy and security of our guests’ information is very important to us. We are among the many retail, hotel and restaurant companies affected by credential stuffing, where username and password combinations are accessed by third parties and used on websites of various companies to see if they can gain access.

To protect your food app accounts, always use unique passwords or a password manager, enable all security options available, and contact the merchant immediately if there is any suspicious activity on your account.

And if your account has been compromised, change the password of the email account it’s registered under.

Many food apps have security measures in place to encrypt and protect your payment information, so you don’t have to worry about it being used elsewhere or canceling your credit card if your account is hacked.