Fake DoorDash Calls Are Draining Delivery Drivers' Wallets
Criminals are posing as DoorDash support staff, tricking gig workers into handing over account details, then quietly emptying their earnings. One driver lost $21,000.

Key points
- A Gold Coast delivery driver lost roughly $350 in two separate thefts after being deceived by a caller pretending to be DoorDash support staff.
- The Transport Workers Union said it has helped gig workers recover more than $50,000 in stolen earnings over the past six months, including $21,000 stolen from a single driver.
- Australians lost more than $2 billion to scams last year, with phishing scams, where criminals send fake messages or calls to trick people into handing over personal details, accounting for $97 million of that total, according to the Australian Competition and Consumer Commission.
- Security researcher Troy Hunt says responsibility for stopping these attacks sits with the platforms, not the individual workers.
- The Australian Competition and Consumer Commission issued a public alert about scammers targeting food-delivery drivers last month, following reporting by ABC News Australia.
Andrew Rhodes knew the rules. The 26-year-old Gold Coast man had heard all the warnings about handing personal details to strangers on the phone. Then, at 1:30 in the morning, pulled over on the side of a road after a long shift, his guard was down.
Rhodes had been doing DoorDash deliveries for less than a week when a call came through the app. An automated voice said it was from DoorDash. A real-sounding support agent then explained that his order had been cancelled because of suspected customer fraud, and that he needed to confirm some identity details to receive compensation for the distance he had already driven.
"It's like they have a script. They're super confident in everything they say," Rhodes said.
The following day, roughly $200 in earnings had been redirected out of his DoorDash wallet. Weeks later, using the account details they had already collected, the criminals struck again and took another $150. He never received a second call.
How does the scam actually work?
The pattern is deliberate. A criminal, posing as a customer, places a delivery order from a location that is unreachable by road, so the driver can never get close enough to trigger an automatic cancellation. The driver then receives a phone call and is told the order has been cancelled. Pressed for personal details as part of a fake compensation process, the driver hands them over.
From there, the Transport Workers Union (TWU) believes the stolen details are used to break into driver accounts through a method called "brute force", which means an automated programme rapidly guesses password combinations until it finds the right one. The union says this happens inside the DoorDash and Uber app systems, not through some outside channel.
Cybersecurity researcher Troy Hunt was direct about where the fix needs to come from. "The question is always: what controls are in place by the provider to limit brute force?" he said. In this case, he added, those controls are evidently not working well enough.
The TWU said complaints have escalated sharply over the past six months. National secretary Emily McMillan described delivery workers as "incredibly vulnerable", not just because of the scam itself, but because of what happens next. Drivers who report the theft often find themselves locked out of their accounts while the issue is being investigated, unable to earn income in the meantime.
"They're being penalised for being the victim," McMillan said.
Australia's gig economy, which covers app-based work like food delivery and ridesharing, employs an estimated 250,000 people. Many are using it as a second income to cover rising costs.
If you drive for a delivery platform, watch for calls arriving just before a pay cycle, orders with pick-up pins in obviously odd or remote locations, and any caller asking you to confirm account or banking details over the phone. A real platform will not ask for that information this way. Report anything suspicious through the app rather than responding to the caller directly.



