Mobile food apps make ordering easy and you may rack up enough rewards points to get some freebies along the way.
But criminals are coming after them at an increasing rate.
“I never thought that someone would hack my food accounts,” said NBC10 Boston executive producer Courtney Seymour.
She recently got an alert from Chipotle.
Get Boston local news, weather forecasts, lifestyle and entertainment stories to your inbox. Sign up for NBC Boston’s newsletters.
"Chipotle actually emailed me and said that oh your email has been changed, if it wasn’t you let us know," she said. "And it wasn’t me, I was at the nail salon."
Seymour said she was locked out of her account.
“It’s a very vulnerable feeling when you can’t log onto your account and you know your personal information is on there. Your address all of that stuff," she said.
It’s called an Account Takeover Attack and according to the fraud prevention platform Sift, which works with companies like DoorDash and McDonald’s, these crimes have increased more than 300% during the pandemic.
More consumer news
"With fraudsters stuck at home but still needing to eat lunch and dinner, that just went off and through the roof," said Brittany Allen, a Trust and Safety Architect for Sift. "And it’s continuing to go because fraudsters have found that it’s a successful business for them and they are actually able to make money off of using these accounts and being able to send food out to anyone who is willing to pay them a little bit of Bitcoin or Ethereum."
She said fraudsters advertise meals at a discount on the deep web, and are sometimes even brazen enough to do it on social media. And tough economic times have made more people who need to put dinner on the table willing to bite.
"They will also post pictures where others or people who received the food will brag about having gotten this food for basically no money or even for free in some cases," said Allen. "We’ve seen rooms full of pizza, we’ve seen tables stacked with fried chicken or Chinese take-out, entire boxes of donuts, pretty much whatever people want, it’s all open and all fair game."
According to Sift’s data, of the consumers who suffered an account takeover attack, 45% had money stolen, 42% had unauthorized purchases on a stored credit card and 26% lost loyalty credits and rewards.
Chipotle said in a statement: The privacy and security of our guests information is very important to us. We are among the many retail, hotel and restaurant companies affected by credential stuffing, in which combinations of user names and passwords are accessed by third parties and used on websites of different companies to see if they can gain access.
To protect your food app accounts, always use unique passwords or a password manager, enable all the security options that are available, and contact the merchant immediately if there is suspicious activity on your account.
And, if your account has been compromised, change the password to the email account it is registered under.
Many food apps have security measures in place to encrypt and protect your payment information, so you don’t have to worry about it being used elsewhere or canceling credit cards if your account is hacked.
Get updates on what's happening in Massachusetts to your inbox. Sign up for our News Headlines newsletter.