The FBI has issued a new warning about hackers targeting grocery and food delivery services with credential stuffing attacks. The attack works by using previously stolen or leaked credentials to hijack online accounts, either to drain their funds or to carry out other malicious activity that can lead to the loss of personal or financial data.

The agency has identified that hackers are reusing stolen or breached credentials on food chain services in the hope that victims have reused the same credentials there. The agency has confirmed that a detailed notification has been sent to the US food and agriculture sectors.

The threat intelligence company DarkOwl has identified that cybercriminals are using this data for multiple purposes. One way the hackers are using these accounts is "Refund Policy Fraud".

“Underground cybercriminals have also uncovered ways to bypass most of the major food delivery service’s refund policies and now offer step-by-step instructions for single, one-time use or the opportunity to use third-party anonymous accounts for executing the order and the refund, while skimming either a flat rate or a percentage of the refund as commission for facilitating the refund fraud.”

“Refund brokers who charge a flat rate for orders up to a certain value, likely operate a larger criminal enterprise, whereas others charging upwards of 45% per transaction, suggests they rely on issuing a fewer number of refunds with higher profit margin,” reads the blog post.

Figure 4 - UberEats & GrubHub Fraud Guide for Single-Use. Source: DarkOwl Vision (976763716e16fa2f111a0dd6aebe903a)
Source: DarkOwl

DarkOwl has also observed that compromised accounts from multiple vendors are sold on the dark web; one such account list from DoorDash can be seen in the image below.

Figure 2 - Compromised DoorDash accounts on the darknet (including email and password) and associated balances for each account
Source: DarkOwl

It is important to follow best practices when using any online account, whether for shopping or for socializing. CyberWorkx readers can apply the recommendations below when using online accounts.

  • Monitor for unauthorised access attempts, such as multiple login attempts or access attempts from various geographical locations within a short time.
  • Using MFA or 2FA helps to thwart multiple cyber attacks or misuse of accounts.
  • An additional PIN or password can be enabled and used for sensitive activities such as paying for orders, changing delivery addresses, etc.
  • Never use the same password for multiple online accounts, as credential stuffing attacks take advantage of exactly this reuse.
  • Never click on links or attachments in emails from unknown senders that entice the user to perform actions.
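
The monitoring recommendation in the first bullet can be expressed as two checks over login events. This is an added example, not code from the FBI notice or DarkOwl; the event format, the time windows and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_WINDOW = timedelta(minutes=5)  # assumed window for failed-login bursts
GEO_WINDOW = timedelta(hours=1)     # assumed window for country changes
MAX_FAILED_ACCOUNTS = 3             # assumed: distinct accounts failing from one IP

# Constructed events: (timestamp, source IP, account, country, success)
EVENTS = [
    ("2021-09-01T08:00:00", "192.0.2.44", "frank@example.com", "US", False),
    ("2021-09-01T09:00:00", "192.0.2.44", "grace@example.com", "US", False),
    ("2021-09-01T09:50:00", "198.51.100.20", "dave@example.com", "US", True),
    ("2021-09-01T10:00:00", "203.0.113.7", "alice@example.com", "RO", False),
    ("2021-09-01T10:00:20", "203.0.113.7", "bob@example.com", "RO", False),
    ("2021-09-01T10:00:40", "203.0.113.7", "carol@example.com", "RO", False),
    ("2021-09-01T10:01:00", "203.0.113.7", "dave@example.com", "RO", True),
    ("2021-09-01T10:02:00", "198.51.100.9", "erin@example.com", "US", False),
    ("2021-09-01T10:03:00", "198.51.100.9", "erin@example.com", "US", True),
]

def parse(events):
    """Convert timestamps and return the events in time order."""
    return sorted((datetime.fromisoformat(t), ip, a, cc, ok) for t, ip, a, cc, ok in events)

def stuffing_ips(events, window=FAIL_WINDOW, limit=MAX_FAILED_ACCOUNTS):
    """IPs whose failed logins hit >= limit distinct accounts inside one window."""
    recent = defaultdict(list)  # ip -> [(time, account)] of recent failures
    flagged = set()
    for ts, ip, acct, _cc, ok in parse(events):
        if ok:
            continue
        recent[ip] = [(t, a) for t, a in recent[ip] if ts - t <= window] + [(ts, acct)]
        if len({a for _t, a in recent[ip]}) >= limit:
            flagged.add(ip)
    return flagged

def geo_jumps(events, window=GEO_WINDOW):
    """Accounts with consecutive successful logins from different countries inside the window."""
    last_ok = {}  # account -> (time, country) of the previous successful login
    flagged = set()
    for ts, _ip, acct, cc, ok in parse(events):
        if not ok:
            continue
        prev = last_ok.get(acct)
        if prev and prev[1] != cc and ts - prev[0] <= window:
            flagged.add(acct)
        last_ok[acct] = (ts, cc)
    return flagged

if __name__ == "__main__":
    print("Possible stuffing sources:", stuffing_ips(EVENTS))
    print("Accounts with country change:", geo_jumps(EVENTS))
```

Counting distinct accounts per source, rather than raw failures, keeps a single user mistyping their own password (erin in the sample) from being flagged.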

