Skip to content

Crooks Are Hungry for Your Grubhub and Instacart Accounts

AARP-sponsored study on identity fraud spots pandemic-era trend

Woman using mobile app on smartphone to order food delivery online at home in self isolation during the Covid-19 health crisis

Getty Images

En español | Consumers lost $56 billion to identity fraud in 2020, when a new hot commodity for crooks were stolen credentials for accounts such as Grubhub, Instacart, DoorDash and Uber Eats.

The pandemic-year trend emerges in a study that is silent on whether crooks crave haute cuisine or fast food. What is clear is that as consumers want the ease of having groceries delivered and dinner dropped off at their front door, there is a thriving criminal marketplace for account credentials for contactless deliveries, an AARP-sponsored study shows.

Since there's a street value for the pilfered account info, “cybercriminals were willing to steal consumer credentials to tap into a stream of delivery services,” the study says.

The study examined several aspects of identity fraud, which is worse than identity theft since a person's sensitive data is not only stolen, it also is used to commit a crime.

One of the categories — and here's where the Grubhubs of the world come in — is called non-financial accounts. Delivery services accounted for 18 percent of all the identity frauds in this category, surpassing compromised accounts for mobile phones, social media platforms, emails and utilities.

The findings emerge in an online survey of 5,000 adults last fall by Javelin Strategy & Research of Pleasanton, California. The firm has been examining fraud trends since 2003.

Top Scams in 2020

These were the top identity-fraud scams in 2020. The percentages reflect the share relative to the pool of all such fraud victims last year.

Crooks covet credit card numbers

Other key findings from Javelin's “2021 Identity Fraud Study":

  • Credit card numbers also were coveted by crooks. Twenty-four percent of people who were victims of identity fraud had credit card numbers pilfered, surpassing email addresses and passwords; physical addresses; debit card numbers; dates of birth; mobile phone numbers; and Social Security numbers.
  • Criminals tailor their tactics based on the age of the people they are targeting. If they are seeking victims age 41 to 65, they will communicate in emails, robocalls and texts, with come-ons about interest rates, other financial information and parcel tracking. For victims age 57 to 75, robocalls are the preferred method of outreach and the “trigger” topics relate to the Internal Revenue Service, Social Security and health care.
  • The top target for "account takeovers" were major credit-card accounts. In an account takeover, your username, logon information and the mobile number associated with the account are manipulated or changed in a way that prevents you from accessing your account and receiving notifications about possibly fraudulent activity.
  • In 2020 Javelin added two new categories for account takeovers: brokerage accounts and retirement accounts including individual retirement accounts (IRAs) and 401(k) accounts. The additions are a signal that consumers should monitor their investment accounts carefully, require two-factor authentication to access an account and take additional steps for good cybersecurity.

AARP Membership -$12 for your first year when you enroll in automatic renewal

Join today and save 25% off the standard annual rate. Get instant access to discounts, programs, services, and the information you need to benefit every area of your life. 

Top fraud of 2020: Fake tech support

The most popular scam criminals used to defraud last year involved purported computer-tech support. Tech-support scams hit 22 percent of all identity-fraud victims.

It's a tried-and-true scam that's been around for years and remains successful, the study says. It works like this: Through ruses, consumers become convinced that a qualified technician from a well-known tech firm has been dispatched to assist them with a phony computer problem. Regrettably, the consumer may grant the sham technician remote access to his or her computer, resulting in a total takeover of the device, including its email accounts and payments apps.

Customer satisfaction elusive

Perhaps not surprisingly, most consumers were not satisfied when they sought help from their financial institutions to resolve account issues arising from identity fraud: 69 percent said the firm did not resolve the issue; 38 percent closed the account citing poor resolution of the issue; and 31 percent said the financial institution resolved the issue with no additional steps required by the consumer.

The online survey took place Oct. 30-Nov. 16. When respondents answered all questions, the survey's margin of error is plus or minus 1.4 percent; for questions answered by identity fraud victims, the margin of error is plus or minus 3.2 percent.

Katherine Skiba  covers scams and fraud for AARP. Previously she was a reporter with the  Chicago Tribune,  U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University’s Nieman Fellowship and is the author of the book, Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq. 

AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free Watchdog Alerts, review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.