Voice of the Industry

Popular messaging app is a buffet for bad actors: a new scheme has fraudsters feasting on Telegram forums

Wednesday 10 March 2021 08:02 CET | Editor: Anda Kania | Voice of the industry

Sift Trust and Safety Architects discover a brazen fraud scheme on the popular messaging app, Telegram, targeting restaurant and food-delivery services. Brittany Allen has more insights into this scam

As the leader in Digital Trust & Safety, Sift is always on the lookout for emerging fraud trends and schemes that affect businesses and consumers alike. Usually, when we uncover a new type of attack or fraud ring, the perpetrators try to hide their tactics and attempts, either via the difficult-to-access Dark Web or shadowy marketplaces that are known to be havens for criminals. But recently, we discovered a fraud scheme that has been taking off on a popular messaging app, in plain view of the public. And high-profile sporting events, coupled with the global pandemic’s effect on overall consumer behaviour, have only made matters worse.

Direct messages lead directly to fraud

Cybercriminals are taking to the Telegram messaging platform to steal from restaurants and food delivery services. Sift’s Trust and Safety Architects found that bad actors are advertising their services on Telegram forums in order to purchase on-demand food and beverage orders on behalf of customers at a reduced price using stolen payment information. 

Here’s how it works:

  • Professional fraudsters post in Telegram forums, such as “Fraud Market,” advertising their ability to illicitly buy food and beverage orders at heavily discounted rates, typically 60-75% off. 
  • Diners interested in taking advantage of this offer direct-message the professional fraudster along with a screenshot of their shopping cart from a food delivery service and their delivery address to place the order.
  • The fraudster responds via direct message offering to buy the items in the shopping cart for a fraction of the actual cost. 
  • Once the fraudster accepts the order, the diner pays the fraudster using cryptocurrency, such as Bitcoin or Ethereum, via PayPal, Venmo, or Cash App.
  • The fraudster then either creates a new account and uses stolen credit card details, or leverages a hacked account with stored value to pay for the meal and have it delivered to the diner.
Below is an infographic that illustrates how the Telegram scam works:

The shift in consumer behaviour since the start of the pandemic, especially over the past few months, has created the perfect environment for this type of payment fraud to flourish. A growing number of people are turning to mobile ordering to comply with local lockdown orders and to avoid unnecessary in-person contact. In fact, the number of smartphone food delivery app users has increased from 36.4 million users in 2019 to 45.6 million users in 2020, according to Statista. That’s more than a 25% increase.

We have also seen a rise in fraud on food delivery apps. According to data from Sift’s global network of more than 34,000 apps and sites, fraud rates among restaurant apps and food delivery services increased 14% from Q3 to Q4 2020.

Big sporting events bolster Telegram fraud scheme

It’s not just the pandemic that’s creating opportunities for fraudsters, big sporting events are increasing the frequency of this type of fraud too. Sift Trust and Safety Architects spotted advertisements and posts on Telegram that coincided with UFC 257: Poirier vs. McGregor 2, the mixed martial arts fight that occurred in January 2021. Below is a screenshot of one such post.


The championship of the American National Football League for the 2020 season also coincided with fraudsters becoming bolder on Telegram. Below is another screenshot of a conversation in a forum where consumers connected with fraudsters in an attempt to receive heavily discounted food and beverages for the sporting event.

Staying ahead of evolving fraud trends

There’s good news and bad news for businesses affected by this type of scheme. While merchants may not be able to prevent fraudsters from advertising their services on messaging apps or open forums, they can protect themselves before and at the point of attack by adopting a Digital Trust & Safety strategy, which prevents fraud while reducing friction for legitimate customers. That way, no matter how many ads they post, fraudsters will find it difficult to slip by the defence. An end-to-end fraud prevention solution with industry-leading machine learning that can quickly adapt to changing fraud trends and consumer behaviour is crucial to staying ahead of fraudsters’ ever-evolving tactics – without sacrificing growth or insulting legitimate customers. That’s a win-win.

About Brittany Allen

Brittany Allen has more than a decade of experience combating e-commerce marketplace fraud at companies such as Etsy, Airbnb, 1stdibs, and letgo. Her expertise in fraud mitigation, policy leadership, and dispute management has led her to speak at industry numerous conferences and join Sift as their newest Trust & Safety Architect, a role focusing on trust and safety education, developing industry best practices and strategies, and being the voice of Sift.

About Sift

Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivaled global data network of 35 billion events per month, and a commitment to long-term customer partnerships.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Sift, fraud prevention, online fraud, delivery, dark web
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime