Phishing is a major concern in all industries and sectors of the internet. Anyone at anytime can become a victim of a phishing scam. However, with due diligence, you can refrain from falling victim to any and every attack. There are some rules to follow, but if you follow them, you will never be phished.
How Phishing Works
Phishing is a type of subversion marketing and tools aimed at getting a user to divulge personal information with the sole purpose of accessing their money or their identities.
Phishing comes from the term "fishing" where a "Fisher" tries to get a "fish."
Phishing scams come in some forms; they are either web-based or email based. They are also focused, which means they target a specific user type. For instance, in our case, Uber drivers. How does it work?
The first stage in a phishing scam is creating a false message that will lead the user to a fake site adapted and designed to get the user to divulge pertinent information.
The false message will usually give a false link that will come either in the message on any one of the social media platforms, as well as in an e-mail message or an internal message from a hacked app.
How do you check the authentication of a message?
To ascertain that the message is authentic, first, check the content. Many fake messages can appear authentic with all the right logos and graphics. However, they all request you log in to the site or press a link to access the site mentioned in the message. For instance, a message from Uber will come from a recognized e-mail address or source. Don't rely on the email address you see in the address bar, click on the "more information" button next to the income address and see what the actual address is. You will be amazed how many times this solves the issue immediately. Read the incoming e-mail address source carefully and compare to a real message you received from Uber. The other method of authenticating a message is by checking the link direction. If you hover your mouse over the link, you will see in the status bar at the bottom of the browser the link address. Compare that address to Uber's official addresses. You will be amazed at how quickly you find out that these messages are fake.
Bypassed and under A** ttack**
Another way of accessing your information is by bypassing messages and attacking you directly through the Uber app. This is done by creating a fake passenger/customer ID and then using it to contact you directly. They will approach you directly as an Uber employee and ask you for various bits of information by misdirecting you to believe they are really from Uber. For instance, they might ask you for your Bonus Password so they can verify your bonus and send it to you, to ask for the verification code Uber sent you to confirm it's you. The best way to deal with these direct calls is not to trust them. Tell them you will call them back, and they should leave you their Uber office number. Since they cant do that, they will most probably start to make up excuses and offer to call back or pressuring you to believe that this is one time an emergency or special offer which you will lose.
Don't believe anything, always suggest you call back to confirm that it is an Uber operative calling you. Remember, Uber rarely calls a driver, and will never ask for passwords, SSN's or verification codes, ever! In fact,
Express Pay Phishing
One scam used an Expresspay phishing scam that directed drivers to a fake app that asked the driver for their credentials; then the scammers would log into the driver's accounts and redirect the income to another bank account. Drivers at first didn't realize what was happening until they tried to access their earnings and discovered that they had none. This, of course, led them to contact Uber and claim they were not being paid when asked to check their account details the victims realized that their accounts had been changed. They were then told to change their account details and password to ensure that the scammers could not access their accounts again.
Uber's advice is the same as ours, but here it is:
- Never share personal information of any kind to anyone, since Uber will never ask for this information over the phone or internet. The only time a driver will be required to prove identification is when they come to Uber offices in person.
- Never input any Uber account information I any website, only use Uber.com
- Never share Uber verification codes on any site and only input them on the Uber app or Uber.com website
- If a driver has an issue or concern, contact the Greenlight Hub or get in contact with Uber support and give details of the instance.
These statements support our feelings that Uber will never ask for personal or verification details.
How to recover lost income from Phishing Scams
Uber and Lyft are not insensitive to their driver's situation.
Lyft stated that they would reimburse their drivers and implement some measures to relieve phishing experiences and implement anti-phishing code for their app and explain to drivers via FAQ how to resist scams.
The user's statement was on similar lines, stating that they implement some prevention techniques and two-stage verification methods. They also claimed to be working with various ISP's and hosting services to delete the fake websites and would compensate drivers that were duped by the scams.