Devagiri admitted to working with others in 2020 and 2021 to cause DoorDash to pay for deliveries that never occurred. At the time, Devagiri was a delivery driver for DoorDash orders. Under the scheme, Devagiri used customer accounts to place high value orders and then, using an employee’s credentials to gain access to DoorDash software, manually reassigned DoorDash orders to driver accounts that he and others controlled. Devagiri then caused the fraudulent driver accounts to report that the orders had been delivered, when they had not, and manipulated DoorDash’s computer systems to prompt DoorDash to pay the fraudulent driver accounts for the non-existent deliveries. Devagiri would then use DoorDash software to change the orders from “delivered” status to “in process” status and manually reassign the orders to driver accounts he and others controlled, beginning the process again. This procedure usually took less than five minutes, and was repeated hundreds of times for many of the orders.
The scheme resulted in fraudulent payments exceeding $2.5 million.
Woah, 20yrs max…, it seems to only pay when you steal from the poor and have train loads of lawyers at hand.
rc__buggy@sh.itjust.works 4 weeks ago
So many technically smart criminals being busted by just not having OPSEC. Dude did the technical theft and left his IP wide open. Get behind seven proxies.
What a fucking moron. Like DoorDash isn’t going to notice this shit?
Kbobabob@lemmy.world 4 weeks ago
Where did you see that? I didn’t see anything in the article or in the linked indictment article.
rc__buggy@sh.itjust.works 4 weeks ago
It’s an assumption
Filetternavn@lemmy.blahaj.zone 4 weeks ago
Moot point, as DoorDash driver accounts require a verified driver’s license, comprehensive background check, and a valid bank account set up to deposit payment (though after setting up a direct deposit bank account, you can add alternative cash out options). Haven’t used DoorDash in a while, but UberEats started requiring facial recognition on top of all that, so I wouldn’t be surprised if that were in the DoorDash driver app, too. Hiding IP would do quite literally nothing in this scenario, as you can’t create an account anonymously. Counterfeit IDs would not work as they are verified against state records. Oh, and yet another step, you have to provide proof of auto insurance, which is yet another connection to your identity.
rc__buggy@sh.itjust.works 4 weeks ago
Hah, yeah what a dumbass
Rivalarrival@lemmy.today 4 weeks ago
Did he really just leave his IP wide open? Or did they somehow manage to get through his seven proxies to find him?
I know I’m being paranoid. What I don’t know is if I’m being paranoid enough.
Forester@pawb.social 4 weeks ago
Pro tip if you’re going to rob a bank don’t use your car as the getaway car.
flandish@lemmy.world 4 weeks ago
i’d go with 8 proxies and a dial up modem on one end just to be safe.
rc__buggy@sh.itjust.works 4 weeks ago
Or you could just not rip off DoorDash for 2.5mil
I’m not here to help you commit fraud.
throwawayacc0430@sh.itjust.works 4 weeks ago
I don’t think doordash lets you use a VPN.
Many platforms that deal with finance would reject an order when they detect VPNs or Tor (since that’s what fraudsters and scammers use), or they ask for additional verification (like SMS) to verify you are in fact the account holder. So they probably were just using their real IP address.
rc__buggy@sh.itjust.works 4 weeks ago
Well in this case a proxy isn’t a VPN, but an intermediate the criminal has taken control of. A proxy does not have to be legitimate.