Cybercriminals Are Impersonating Meal-Kit Services In Order To Steal Money And Personal Information
Cybercriminals are exploiting the tremendous growth in the number of meal-kit subscriptions since the start of the COVID-19 pandemic – impersonating various such services, or partners of such services, in order to steal people’s money and personal information.
Meal-kit services deliver to people’s homes either ready-to-eat meals or meals that are properly apportioned and prepared, but which still require cooking. Prior to the pandemic, a relatively small demographic – households with annual incomes of over $100,000 and led by people in their mid-30s to mid-40s – provided a widely disproportionate percentage of all American meal-kit subscribers, but, with COVID-19 rendering in-person shopping dangerous for senior citizens and others, meal-kit subscriptions became increasingly popular among many more segments of the general population; as a result, in 2020, US retail sales growth of meal-kits reached almost 19%, a rate of growth over 31 times higher than the 0.6% rate of growth experienced the year prior.
Of course, plenty of scammers are aware of the surge in popularity of meal-kit services – and, naturally, such folks seek to exploit the recent developments for their own gain. Cybercriminals know that the more subscribers a service has, the more likely that messages sent to random phone numbers will reach subscribers who believe that the received messages are authentic communications from the relevant service.
I personally received such a message over the weekend – while I do not subscribe to any meal-kit services, I received an SMS message over the weekend asking me to rate my experience with a recent delivery from a particular meal-kit service in exchange for a $10 credit towards my next delivery. While some meal-kit-service-scam messages contain spelling and grammatical errors, the smishing message (smishing is phishing via text message) that I received did not suffer from such deficiencies; it appeared as well written as typical businesses correspondence. Being that I do not subscribe to any meal-kit services, no amount of professionalism would have convinced me that the message was legitimate; it is not hard to imagine, however, the some people who are subscribers could easily fall prey.
To complete the relevant survey, for whose completion I would allegedly be rewarded with a $10 credit, the message directed me to a web site operated by the scammer who sent the message – a site that was clearly intended to collect various data including login information for the meal-kit service. Of course, such websites can also install malware on improperly protected devices used for access.
So, if you so subscribe to any meal services, remember to be vigilant – scammers are presently focusing their targets on you.