Delivery Drivers Targeted by Sophisticated Phishing Scams
Hızlı Bakış
- Delivery drivers, including DoorDash and Uber Eats workers, are falling victim to sophisticated phishing scams.
- Scammers impersonate support staff, tricking drivers into revealing personal details to steal earnings from their app wallets.
- The Transport Workers Union reports significant financial losses and calls for better platform security.
Yapay zekâ özeti
Neden Önemli?
Delivery drivers are increasingly targeted by sophisticated phishing scams, leading to significant financial losses. The Transport Workers Union is assisting victims and calling for better security measures from platforms like DoorDash and Uber.
Andrew Rhodes is a tech-savvy 26-year-old who knows giving out personal information to unsolicited callers is a recipe for being scammed.
However, while pulled over on the side of a road at 1:30am, at the tail end of a long workday, he said he had little presence of mind to spot the red flags.
The Gold Coast man was less than a week into his side job doing DoorDash deliveries when he fell prey to a phishing scam through the delivery service's app.
Moments after leaving for a pick-up, he received a phone call, followed by an automated message saying the caller was from DoorDash.
Impersonating support staff, the caller told Mr Rhodes the order was cancelled due to suspected customer fraud, and that he needed to confirm some identity details to be compensated for the distance he had travelled.
"It's like they have a script. They're super confident in everything they say," Mr Rhodes said.
The following day, Mr Rhodes found roughly $200 in earnings wiped from his DoorDash wallet after being redirected to another bank account. He reported the issue, but weeks later, another $150 was stolen.
"Because they already halfway had my details … they never had to contact me for the second time," he said.
One worker lost $21,000
This case is part of an increasingly sophisticated phishing scam targeting delivery drivers across the country at a time when a record number of people are taking up side hustles to make ends meet.
The Transport Workers Union (TWU) said it had seen complaints escalate in the past six months and has helped recover more than $50,000 in stolen funds, including $21,000 for one individual.
"And then there's very little recourse for the workers in that the problem is they can't then contact the platform easily to get it resolved, to complain, to check on the identity [of the scammer], to see what's going on," she said.
Ms McMillan said scammed drivers often faced difficulties logging issues due to DoorDash and Uber's "skeleton staff", while simultaneously remaining locked out of their accounts and unable to earn an income.
"So, they're being penalised for being the victim. There's a kind of double issue with this," she said.
"It's fantastic that we now have a mechanism where drivers can come to the union and we can act as a conduit for them, but it's not good enough that they need that to happen and we need to force that issue with platforms."
'In-built vulnerability'
The scam is known to follow a set pattern: a scammer, masquerading as a customer, places an order; a worker accepts it; they are called to be told of a cancellation; then tricked into providing personal details that are used to access their accounts.
The TWU said these orders were typically placed from locations inaccessible by road to prevent drivers from getting close enough to trigger a cancellation.
It said drivers often did not realise the pick-up pin had been changed to remote locations.
Ms McMillan said the algorithmic and digital nature of delivery work meant there was an "immediate, in-built vulnerability" to phishing scams.
"We've got [more and more] people that have realised they can use this as a way to try and get this money," she said.
Mr Rhodes said he had noticed a spike in what appeared to be suspicious emails the night before DoorDash's pay cycle.
The union believes the scam is run from within the DoorDash and Uber app interface, not externally, and that the phished details are used to break into accounts using a hacking technique called "brute force".
Often used post-phish, brute force involves generating password combinations until the correct one is cracked.
Cybersecurity expert Troy Hunt said the onus for safeguarding against these attacks fell on organisations.
"The question is always: 'What controls are in place by the provider that you're authenticating to limit brute force?' But, at the same time, help people who might have just forgotten their PIN or fat-fingered it," he said.
Scams big business, but about more than money
Australians lost more than $2 billion to scams last year, according to the Australian Competition and Consumer Commission (ACCC), including $97 million to phishing scams.
Following ABC enquiries, the ACCC last month sent out a public alert about scammers targeting food-delivery drivers.
For Mr Rhodes, the frustration went beyond the monetary loss.
"It might not be a whole bunch of money but think of all the hours of wear and tear in your car as well and even just your mental health [after] going out for hours at a time," he said.
He said he wanted stronger protections in an industry that had otherwise made a tangible financial difference for him.
"It really does help. It's helped with all my bills, it's helped me get ahead, it's helped me go on holiday already."
"It is pretty disheartening when somebody tries to take that hard-earned money from you."
DoorDash and Uber said in statements they were working hard to combat scam activity on their platforms.
Açık Sorular
- What specific security measures are DoorDash and Uber implementing?
- Will platforms compensate drivers for losses beyond initial recovery efforts?
- How widespread is this scam beyond Australia?

