Policy

DoorDash workers got phished. They say DoorDash refused to help.

The phishing scam resulted in one worker losing nearly $900. DoorDash reimbursed these workers only after Protocol reached out.

DoorDash

DoorDash workers say the company was initially unhelpful in resolving their issues.

Photographer: Gabby Jones/Bloomberg via Getty Images

Sherrie Vidaurri first started delivering for DoorDash in March, and she loved it. The work paid at least $100 per day. In her first week on the job, Vidaurri made a little under $1,000.

"I loved it because I could work when I wanted and didn't have to work when I didn't want to," she told Protocol. "I was really happy. I mean, I couldn't believe I got paid to do what I was doing."

Vidaurri's feelings started to change the week of May 9, when she fell victim to a phishing scam that resulted in the loss of nearly $900. What made matters worse was her experience trying to resolve the issue with DoorDash: Vidaurri and another Dasher did not receive compensation for their stolen wages until they and the Gig Workers Collective reached out to Protocol.

"I am so shocked and thankful," Vidaurri told Protocol when she received an email about her recovered wages in her inbox. She added, "They had to be shamed into doing the right thing."

A phishy link

Phishing scams affected 241,342 people last year, making it the top cybercrime in 2020, according to the FBI's internet crime report. The scams resulted in a collective loss of about $54 million. Meanwhile, 61% of Americans could not identify a fraudulent website, according to a 2019 survey.

The scam works like this: DoorDash workers receive an order that they begin to fulfill. The Dasher then receives a phone call from someone pretending to be a DoorDash support representative, saying the order has been canceled. But because DoorDash hasn't actually canceled the order, the Dasher is unable to get it off their screen. That's when the scammer offers to send the Dasher a link. Upon clicking the link, the Dasher gets logged out of their account and then has to enter their username and password.

The scammer who called Vidaurri also told her about a bogus delivery "challenge" that would give her a $200 bonus. She completed the required number of deliveries the scammer told her to, but never received her bonus. That's when she called DoorDash's support team, only to find the support agent had no idea what she was talking about.

That night, the scammer called Vidaurri again to let her know she had successfully completed the challenge. All she had to do was "confirm" some information and then they would send her a Visa gift card in the mail.

"That kind of raised my suspicion a little bit, but not to the level of there's a problem," Vidaurri said. "And that code he sent me and what I read back to him gave him the last piece of what he needed to change my banking information inside my DoorDash app."

Vidaurri realized something was wrong a couple of days later when she went back to work. She couldn't seem to contact her customer, so she called the support team again, thinking there might be something wrong with the technology DoorDash uses to connect customers with delivery drivers. The support representative asked Vidaurri to confirm some information, but none of it matched what was on her file — because the scammers had gone into her account and changed all her information.

Unfortunately, the support agent was unable to help. "She couldn't do anything for me other than escalate the situation and put it up the chain," Vidaurri said.

Vidaurri started asking questions about how the scam would affect her and her standing in the DoorDash community. But the representative grew irritated with her, she said: "I really tried not to be rude, but I'm sure I came off poorly, because she hung up on me."

Vidaurri called back. This time, she spoke with a different representative who confirmed for her that the scammer successfully withdrew money from her DoorDash account and deposited it into their bank account. The representative explained that it was too late for DoorDash to cancel the payment and retrieve it, but that the company would get back to her within 48 hours. DoorDash never got back to her, she said.

DoorDash did email Vidaurri about suspicious attempts to log in to her account, in the days leading up to when the scammer changed her bank account information. Unfortunately, Vidaurri didn't see those emails immediately and by the time she did, DoorDash had already inadvertently paid the scammers.

"The last time I spoke to anybody, I was basically told that, on their end, the situation is solved," she said. "And that on their end, they're done."

'There is nothing more we can do to salvage these stolen funds'

Dasher Shelly Roofe caught the scammers midway through the process when they tried a similar tactic on her. She successfully reset her DoorDash password and corrected her banking information before the platform distributed the payment, but DoorDash never paid her the $246 she legitimately earned that week, she told Protocol. Similar to Vidaurri, Roofe only received money — $185.14 of it — after we reached out.

DoorDash told Roofe they first needed to conduct an investigation, which could take up to 11 days. Eleven days and then some went by without her money.

In an email to Roofe on May 31, DoorDash acknowledged how frustrating it must be for her, saying the company "understand[s] how hard [she] worked on the DoorDash platform for these earnings."

The support representative went on to blame her, Roofe said.

"Unfortunately, by sharing your password and/or your security code, you gave someone else access to your account and to your money — it's just like giving out the PIN to your ATM card or debit card," the representative wrote in the email seen by Protocol. "For your security and protection, we do not keep your bank account information in our own records. That information lives in your Dasher app and is accessed by our third party payments vendor in order to pay you. When we received your inquiry, we contacted our payments vendor and had them attempt to reverse the transfer of funds. Unfortunately, they were unable to recover your payment. At this point, there is nothing more we can do to salvage these stolen funds."

Roofe felt frustrated by that response because she had already updated her account before payday, she said. Roofe maintains that the scammers didn't take her money — DoorDash withheld it.

"DoorDash takes the trust of our community very seriously, and we're committed to the security of those we serve," a DoorDash spokesperson told Protocol. "We have addressed the fraudulent activity and resolved the issue for both Dashers involved, and appreciate their patience as we ensured proper payment into the correct accounts."

A 'one-time courtesy' reimbursement

DoorDash says it has a policy to reimburse Dashers who have experienced and reported fraud. If workers do experience fraud, DoorDash says they should contact customer support to help resolve the issue. That's why it felt odd to Vidaurri that she received little to no support from DoorDash during this whole process.

DoorDash's email to Vidaurri, viewed by Protocol, specified that "this repayment is a one-time courtesy." It also said DoorDash has the right "not to provide this courtesy if we determine that you have jeopardized the security of your account by sharing your confidential information."

Both Roofe and Vidaurri are relieved to have gotten their money back, but feel frustrated with DoorDash for not doing more to support them and to warn other Dashers of the scam.

It's unclear how many workers the scam has affected. DoorDash said these were one-off incidents and that these types of phishing scams are not a prevalent issue on the DoorDash platform. But on a Reddit thread, a handful of other people reported experiencing similar issues in the past month.

Whether or not it's prevalent, Vidaurri would have liked for DoorDash to have notified her and other Dashers about the scam, just as DoorDash has sent notifications to Dashers warning them not to leave their cars running while they run inside to pick up food due to the potential for vehicle theft. DoorDash could also provide an onboarding process for Dashers in which it explains the ways it will or won't contact Dashers and the type of information they'll never request from Dashers, she added.

"They knew this was happening because they'd been getting a ton of phone calls from people already for two days," Vidaurri said. "When I called support, the gal immediately knew what was going on."

Roofe similarly feels frustrated in DoorDash's handling of the scam, especially given that it happened to Vidaurri two weeks before it happened to her.

"I feel violated because they never informed us there was a problem and they apparently have known about this for a while," Roofe said. "They knew but never said anything about it. They never warned us."







Fintech

Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep Reading Show less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep Reading Show less
FTA
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.
Enterprise

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep Reading Show less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.

Enterprise

Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep Reading Show less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories
Bulletins