- cross-posted to:
- Technology@programming.dev
- cross-posted to:
- Technology@programming.dev
Devagiri admitted to working with others in 2020 and 2021 to cause DoorDash to pay for deliveries that never occurred. At the time, Devagiri was a delivery driver for DoorDash orders. Under the scheme, Devagiri used customer accounts to place high value orders and then, using an employee’s credentials to gain access to DoorDash software, manually reassigned DoorDash orders to driver accounts that he and others controlled. Devagiri then caused the fraudulent driver accounts to report that the orders had been delivered, when they had not, and manipulated DoorDash’s computer systems to prompt DoorDash to pay the fraudulent driver accounts for the non-existent deliveries. Devagiri would then use DoorDash software to change the orders from “delivered” status to “in process” status and manually reassign the orders to driver accounts he and others controlled, beginning the process again. This procedure usually took less than five minutes, and was repeated hundreds of times for many of the orders.
The scheme resulted in fraudulent payments exceeding $2.5 million.
So many technically smart criminals being busted by just not having OPSEC. Dude did the technical theft and left his IP wide open. Get behind seven proxies.
What a fucking moron. Like DoorDash isn’t going to notice this shit?
edit: so it’s been pointed out that you must have a legit ID to sign up for DoorDash and they probably didn’t track him down on the internut. I guess I have to assume that a smart guy that had a DD account found this hole and exploited it with his own DD account. his. own. DD. account. That’s super dumb, even dumber than I thought at first. Why wouldn’t he use my DD account? Why wouldn’t he use yours? (I don’t have a DD account)
edit again: why do so many people want to downvote in this thread and not tell me why this motherfucker is one of the dumbest criminals ever? There’s been a few that want to argue but no one can tell me why he’s not a complete idiot.
Moot point, as DoorDash driver accounts require a verified driver’s license, comprehensive background check, and a valid bank account set up to deposit payment (though after setting up a direct deposit bank account, you can add alternative cash out options). Haven’t used DoorDash in a while, but UberEats started requiring facial recognition on top of all that, so I wouldn’t be surprised if that were in the DoorDash driver app, too. Hiding IP would do quite literally nothing in this scenario, as you can’t create an account anonymously. Counterfeit IDs would not work as they are verified against state records. Oh, and yet another step, you have to provide proof of auto insurance, which is yet another connection to your identity.
Hah, yeah what a dumbass
Where did you see that? I didn’t see anything in the article or in the linked indictment article.
It’s an assumption
I don’t think doordash lets you use a VPN.
Many platforms that deal with finance would reject an order when they detect VPNs or Tor (since that’s what fraudsters and scammers use), or they ask for additional verification (like SMS) to verify you are in fact the account holder. So they probably were just using their real IP address.
Well in this case a proxy isn’t a VPN, but an intermediate the criminal has taken control of. A proxy does not have to be legitimate.
True, but again, you’re making a lot of assumptions here. I don’t see anything about proxies anywhere.
He probably got caught because of an internal audit, that’s the assumption I would make.