CNET reports on what happened when a new Uber driver received a call from Uber telling him to cancel the trip and verify his account:
The caller asked for his email. He gave it. The caller asked for his Uber account password. He gave him that, too, after a brief hesitation. Then the caller said to tell him the confirmation code he’d be receiving shortly via text. The driver told him the code once he got the text. This was the two-factor authentication needed to get into the driver’s Uber account. “Nothing happened for the rest of the week,” the driver says. “I didn’t think anything of this again until Saturday.” But in those following three days, the scammer had changed the driver’s account settings and waited for the perfect time to withdraw money…. By Saturday night, his $653.88 in earnings from that week had been nabbed from his account…
Apparently the scam has hit thousands of ride-hail drivers, and millions of dollars have been diverted from their accounts, according to a lawsuit brought by the U.S. Attorney’s Office in New York’s federal court last November… [A] couple of key elements about Uber make it possible. When passengers hail a ride with Uber, they see the name of the driver and the car’s make, model and license number, and they get an anonymized phone number to call the driver. All of this ensures passengers safely connect with the right driver. But it also makes it possible for the wrong people to see lots of information about drivers.
When one of the scam victims complained to Uber, he “was told he had to wait until Monday when he could talk to a representative in person at one of its driver hubs,” although eventually Uber “agreed to credit the $653.88 back to his account as a ‘one-time repayment courtesy.’”
Other scammers have gone after Uber directly, CNET reports, using GPS-spoofing apps to simulate long rides as “a way to pocket money via stolen credit cards, essentially using Uber as a makeshift money laundering service.” Uber’s data science manager spotted the fake rides because “weird” altitude coordinates indicated that the drivers were flying through the sky.
of this story at Slashdot.