Fraudsters are Feasting on Popular Messaging App

At Sift, we’re constantly on the lookout for new fraud trends and schemes that affect not only our customers but the general public as well. Usually, when we uncover a new attack type or fraud ring, the perpetrators try to hide their tactics and attempts, either via the difficult-to-access dark web or marketplaces that are known to be havens for criminals. But recently, we identified a fraud scheme that has been taking off on a popular messaging app, in plain view of the public. And high-profile sporting events like last Sunday’s Big Game, coupled with the global pandemic’s effect on overall consumer behavior, have only exacerbated the problem.

Direct messages lead directly to fraud

Cybercriminals are taking to the Telegram messaging platform to steal from restaurants and food delivery services. Sift’s Trust and Safety Architects found that bad actors are advertising their services on Telegram forums in order to purchase food and beverage orders on behalf of customers at a reduced price, and using stolen payment information.

The following infographic illustrates how it works:

The shift in consumer behavior since the start of the pandemic, especially over the past few months, has created the perfect environment for this type of payment fraud to flourish. More and more people are turning to mobile ordering to comply with local stay-at-home orders and to avoid unnecessary in-person contact. In fact, the number of smartphone food delivery app users has increased from 36.4 million users in 2019 to 45.6 million users in 2020, according to Statista. We have also seen an uptick in fraud on food delivery apps. According to data from Sift’s global network of more than 34,000 apps and sites, fraud rates among restaurant apps and food delivery services increased 14% from Q3 to Q4 2020.

Big sporting events bolster Telegram fraud scheme

It’s not just the pandemic that’s ringing the dinner bell for fraudsters, big sporting events are increasing the frequency of this type of fraud. Our Trust and Safety Architects spotted advertisements and posts on Telegram that coincided with UFC 257: Poirier vs. McGregor 2, the mixed martial arts fight that occurred in January 2021. Below is a screenshot of one such post.

The championship of the National Football League for the 2020 season also coincided with fraudsters becoming more active on Telegram. Below is another screenshot of a conversation in a forum where consumers connected with fraudsters to receive heavily discounted food and beverages for “The Big Game.”

Stopping the messenger (if not the message)

So how do businesses stop this type of fraud? There’s good news and bad news. While merchants may not be able to prevent fraudsters from marketing their services in messaging apps, they can protect themselves before and at the point of attack by adopting a Digital Trust & Safety strategy, which prevents fraud while reducing friction for legitimate customers. That way, no matter how many ads they post, fraudsters will be hard-pressed to successfully execute their attempts. A holistic fraud prevention solution with industry-leading machine learning that can quickly adapt to changing fraud trends and consumer behavior is crucial to staying ahead of fraudsters’ ever-evolving tactics—without sacrificing growth or insulting legitimate customers.