When faced with these requests, DoorDash customer service reps would ask for some form of verification. The indictment states that the men would use the personal information of the Dasher, such as their phone number, date of birth, recent transactions, or even the last four digits of their driver’s license, to authenticate themselves.
"because it’s up to the drivers to not get phished. "
The drivers were not phished, Doordash the company was.
If I do work for a client, send my invoice by mail, that mail gets intercepted by a scammer, that scammer sends on an altered invoice with their bank account number on it, and the client sends a bank transfer to the scammer … Then the client still owes me money and they still have to pay my real invoice (to me), irregardless of whether or not they manage to reclaim the money that they paid to the scammer.
The technology may have changed, but the same principles apply.