The Hustle

It’s not just pipelines; everyday gig workers are getting phished too

Gig workers (e.g., DoorDash, Postmates) are victims of a new phishing scam. Their status as contract workers does not help.


June 11, 2021

Not long ago, “getting Phished” meant waking up in a festival field wearing nothing but cargo shorts — 23 hours into a 3-day jam session, smelling like patchouli oil.

Now, the hackers are ruining it for us all.

Recently, high-profile cyberattacks of pipelines, meat factories, and ferry operations have cast new light on the existential risk of a digital society.

But it’s not just large organizations feeling the hack heat

A recent Protocol article details the rise of phishing attacks among DoorDash gig workers (AKA Dashers).

Here’s how these DoorDash attacks work:

  1. A DoorDash worker receives an order needing fulfillment
  2. The worker receives a call from someone pretending to be a DoorDash support representative, saying the order has been canceled
  3. The worker is unable to remove the order from their app (because it has not been legitimately canceled)
  4. The scammer offers to send the worker a link to clear their app
  5. The link prompts the worker to provide their username and password

The hackers then access and drain the Dasher’s account

Although Protocol was unable to confirm the number of scammed DoorDash workers, Reddit threads indicate a growing number of gig worker victims (Postmates couriers have been hit, too).

DoorDash suggests these are one-off problems. But gig workers are particularly vulnerable to phishing scams because of their relationship with their work. Often, they have no boss or co-workers to consult with and the money is just dropped into their account.

They simply follow the prompts of an app…

Join 1.5m+ professionals getting The Hustle daily news brief

Business and tech news in 5 minutes or less

100% free, no ads or spam, unsubscribe anytime

Exit mobile version