Shipt and its gig workers deal with phishing attacks
Gig delivery workers now have something else to worry about than whether they are getting enough shift hours or if customers are being generous with their tips. It seems that Shipt shoppers/drivers have fallen victim to phishing expeditions that have given thieves access to their accounts and enabling the criminals to steal the workers’ paychecks.
Motherboard, which broke the news after seeing private Facebook postings, reports that more than 30 people who pick and deliver orders for Shipt have been scammed to date. Shipt, the same-day delivery service owned by Target, employs about 300,000 gig workers in the U.S.
The report provides an account of one driver who received an email from “Shipt Support” in late March requesting that the worker’s password be reset. The worker, who did not request a reset, did so thinking that it was legitimate. It was not.
Later that night, someone claiming to be from Shipt called the driver addressing the individual by their first name. The caller said that the company had noticed some unusual activity on the driver’s account and asked for a code that had been emailed to the worker to verify his identity. The Shipt driver, still not suspecting anything was amiss, provided the information only to find out later that it was used to steal his paycheck.
Shipt, Motherboard reports, posted a message to drivers on its internal portal on April 9. “Never share your bank account info or shopper account password with anyone on the phone or through an email, even if they claim to be from Shipt. Shipt will never request that info this way.”
“We’re aware of the prevalence of scams like these that are often the result of phishing or an account takeover,” Danielle Schumann, a Shipt spokesperson, wrote in an email statement to Motherboard and The Verge. “A very small number of shopper accounts have recently experienced this kind of activity.”
Shipt has reimbursed contractors for the full amount lost in these phishing incidents. The company has said that it has taken steps including emails to bring those working with it up to speed on how to protect their accounts from thieves.
- Scammers Are Hacking Target’s Gig Workers and Stealing Their Money – Motherboard/Vice
- Gig workers at Target-owned Shipt are getting their bank accounts drained by hackers – The Verge
DISCUSSION QUESTIONS: How significant a challenge do security issues around third-party contractors pose for retailers and their vendors who use these workers? Where do you see vulnerabilities, and what needs to be done to improve security?