Who knew you could make millions not delivering food? Turns out the secret ingredient to this delivery scam was fraud — and lots of it.
In this publication, we're uncovering a tech-savvy fraud that exploited one of the most popular food delivery platforms in the U.S., stealing millions right under the algorithm’s nose. Let’s dive in.
A former DoorDash delivery driver and his crew scammed the company out of $2.5 million by faking food deliveries using stolen credentials and fraudulent accounts — and now, the guilty pleas are piling up.
How It Works:
- The Setup: Sayee Chaitanya Reddy Devagiri and three co-conspirators devised a scheme to defraud DoorDash in 2020 and 2021.
- Account Hijacking: They used stolen or unauthorized employee login credentials to gain access to DoorDash’s internal software.
- Fake Deliveries: Using customer accounts, they placed high-value food orders. Then, they reassigned these orders to driver accounts they controlled.
- Phantom Drop-Offs: The fake drivers marked the orders as "delivered" — even though no food ever left the kitchen.
- Double-Dipping: Devagiri would then switch the order status back to “in process” and reassign it again to another fraudulent account, cycling the con repeatedly to rack up payments.
Who’s Targeted:
- Gig economy platforms like DoorDash, Uber Eats, and Instacart — companies with large decentralized workforces and lots of back-end access points.
- Tech platforms with internal admin tools vulnerable to insider misuse or credential theft.
- Businesses relying on outsourced or third-party access, especially during periods of rapid scaling.
Real-Life Example:
Devagiri, a 30-year-old from Newport Beach, California, pleaded guilty in federal court this week to conspiracy to commit wire fraud. He’s the third in the group to admit guilt. One co-defendant, Tyler Bottenhorn, entered a guilty plea back in November. Another, Manaswi Mandadapu, pleaded guilty earlier this month.
The scam spanned two years and involved sophisticated manipulation of internal systems — exposing major gaps in platform security.
Why You Should Care:
If massive companies like DoorDash can be swindled using inside access and fake transactions, it raises serious questions about how secure your personal data and payment information really is. Beyond the dollars lost, these scams erode trust in the services we use daily.
Whether you’re a customer, contractor, or platform developer, the systems you rely on could be more fragile than they seem.
How to Protect Yourself:
• Use strong, unique passwords for every platform — especially if you're a driver, merchant, or employee with backend access.
• Enable two-factor authentication (2FA) to add an extra layer of security.
• Monitor account activity for unauthorized changes or unexpected charges.
• Report suspicious system behavior immediately — especially if you're an employee or contractor with platform access.
• Limit who has backend privileges within organizations — use “least access necessary” policies.
Quick Tips & Updates:
Quick Tip #1: “Did you know? Wire fraud cases have surged as scammers shift focus to digital platforms and remote work infrastructure.”
Pro Tip: “Always be cautious of phishing emails or messages asking you to ‘verify’ login credentials — they’re a common path to stolen access.”
Stay safe, stay informed.
Keywords:
• Wire Fraud – A crime involving the use of telecommunications or the internet to defraud someone of money.
• Credential Theft – When someone’s login information is stolen and used for unauthorized access.
• Gig Economy Scam – Fraud targeting flexible, app-based workforces like delivery drivers and freelancers.
• Insider Threat – A security risk that comes from within an organization, often from employees or partners.
• Two-Factor Authentication (2FA) – A security process requiring two different forms of identification to access an account.
To read more, kindly find source article here