Fake Uber Eats / DoorDash / Grubhub unauthorized charge, account suspended, or order delivery issue phishing — fraudulent email impersonating Uber Eats, DoorDash, Grubhub, or Instacart claiming an unauthorized charge was detected, the account is suspended due to a payment issue, a refund is pending requiring account verification, or an order cannot be delivered — directing the recipient to sign in, dispute the charge, update payment details, or verify their account — a credential-harvesting and payment card theft attack targeting food delivery app users; Uber Eats has 90M+ active consumers; DoorDash 37M+ users; unexpected charge lures combine financial urgency with account security fear to drive uncritical clicks

Phishing emails impersonating Uber Eats, DoorDash, Grubhub, or Instacart claiming an unauthorized charge was detected on the recipient's food delivery account, their account has been suspended due to a payment issue, a refund is pending and requires account verification, or an order cannot be delivered. Key facts: (1) Uber Eats has 90M+ active consumers globally; DoorDash has 37M+ US users; Grubhub 33M+ users; Instacart 7.7M+ active customers; food delivery apps are used multiple times per week by millions of people who have become conditioned to routine transactional emails from these platforms; (2) The "unauthorized charge" variant is the highest-yield variant: it combines financial urgency (money was stolen!) with account security fear — recipients act immediately without checking the sender domain; the typical lure amount ($60–$120) is realistic for a food order and plausible enough to provoke immediate action; (3) The "refund pending — verify your account" variant exploits a different psychology: instead of threat/fear, it uses reward/anticipation — "you have money waiting, just verify" — achieving high click rates particularly among users who have recently disputed a real delivery charge; (4) This signal is distinct from the `fake-uber-lyft-driver-account-deactivated-phish` signal which targets gig economy drivers — this targets the far larger consumer user base of food delivery app customers. Warning signs: sender domain not uber.com, doordash.com, or grubhub.com; no specific order ID, restaurant name, or delivery address; round-number refund amounts; urgency about account suspension or charge dispute deadline.