- cross-posted to:
- Technology@programming.dev
- cross-posted to:
- Technology@programming.dev
Devagiri admitted to working with others in 2020 and 2021 to cause DoorDash to pay for deliveries that never occurred. At the time, Devagiri was a delivery driver for DoorDash orders. Under the scheme, Devagiri used customer accounts to place high value orders and then, using an employee’s credentials to gain access to DoorDash software, manually reassigned DoorDash orders to driver accounts that he and others controlled. Devagiri then caused the fraudulent driver accounts to report that the orders had been delivered, when they had not, and manipulated DoorDash’s computer systems to prompt DoorDash to pay the fraudulent driver accounts for the non-existent deliveries. Devagiri would then use DoorDash software to change the orders from “delivered” status to “in process” status and manually reassign the orders to driver accounts he and others controlled, beginning the process again. This procedure usually took less than five minutes, and was repeated hundreds of times for many of the orders.
The scheme resulted in fraudulent payments exceeding $2.5 million.
You must log in or register to comment.
Woah, 20yrs max…, it seems to only pay when you steal from the poor and have train loads of lawyers at hand.
So many technically smart criminals being busted by just not having OPSEC. Dude did the technical theft and left his IP wide open. Get behind seven proxies.
What a fucking moron. Like DoorDash isn’t going to notice this shit?
edit: so it’s been pointed out that you must have a legit ID to sign up for DoorDash and they probably didn’t track him down on the internut. I guess I have to assume that a smart guy that had a DD account found this hole and exploited it with his own DD account. his. own. DD. account. That’s super dumb, even dumber than I thought at first. Why wouldn’t he use my DD account? Why wouldn’t he use yours? (I don’t have a DD account)
edit again: why do so many people want to downvote in this thread and not tell me why this motherfucker is one of the dumbest criminals ever? There’s been a few that want to argue but no one can tell me why he’s not a complete idiot.
Moot point, as DoorDash driver accounts require a verified driver’s license, comprehensive background check, and a valid bank account set up to deposit payment (though after setting up a direct deposit bank account, you can add alternative cash out options). Haven’t used DoorDash in a while, but UberEats started requiring facial recognition on top of all that, so I wouldn’t be surprised if that were in the DoorDash driver app, too. Hiding IP would do quite literally nothing in this scenario, as you can’t create an account anonymously. Counterfeit IDs would not work as they are verified against state records. Oh, and yet another step, you have to provide proof of auto insurance, which is yet another connection to your identity.
Hah, yeah what a dumbass
Where did you see that? I didn’t see anything in the article or in the linked indictment article.
It’s an assumption
I don’t think doordash lets you use a VPN.
Many platforms that deal with finance would reject an order when they detect VPNs or Tor (since that’s what fraudsters and scammers use), or they ask for additional verification (like SMS) to verify you are in fact the account holder. So they probably were just using their real IP address.
Well in this case a proxy isn’t a VPN, but an intermediate the criminal has taken control of. A proxy does not have to be legitimate.
True, but again, you’re making a lot of assumptions here. I don’t see anything about proxies anywhere.
He probably got caught because of an internal audit, that’s the assumption I would make.
Cool crime
Love your username 🐍🐓🪿😂
I thought financial cheats were totally cool now and you’d be stupid NOT to take advantage of loopholes. Unless…
You have to use a corporation to steal money and not face punishment if caught.
I’m struggling to see how this actually made money. Because presumably the customer is paying for the delivery (as well as the food that was never ordered). So the fraudsters would just be paying themselves in a complicated way. My best guess is one of the following:
- DoorDash is subsidizing orders so much that this is profitable overall (the amount they pay the driver is more than the customer pays) seems unlikely.
- DoorDash is paying the driver multiple times but only charging the customer once. But if this was the case how was this obvious accounting issue never noticed? Shouldn’t the books come out even in the end?
There is no customer involved.
- They place an order and pay for it
- They force the order to be assigned to one of the drivers
- Driver claims the order is delivered
- Doordash pays the driver
- They overwrite the data so that it goes back to step by 2.
- They “deliver” and get paid for the same order hundreds of times.
Books were probably red, but it takes a while to identify something like this.
Wow. Wonder how they got caught. Or maybe likely the Feds don’t want people to know
Simple. Manual reassigns are very unusual and that all being done by one employee (like an actual employee of Doordash that works on the digital platforn, not a driver), and they all are assigned to a small group of drivers. That would look very obvious if someone looked at the logs.
All they need is one confession from any of the driver, or the employee involved in this scheme, then the whole thing unravels.
Also, I’m under the impression that they stole customer accounts to make those orders. Customers would’ve reported that fraudulent purchases were made.
People being creative in the wrongest of ways
