Uber Drivers are Being Scammed by Fake Uber Support Service Calls

When will drivers learn that Uber does not call them, not first and not ever without the driver contacting them first? The only way Uber will contact a driver is through the app in a message or in an e-mail. However, let's just say that they do call, since when do any operatives of any company ask for the username and password of a person? Even for proof of identity? Never, and you know why, because it is not done. Its as simple as that. No website owner will ask over the phone, or even by e-mail for a user's password and other identifying information. The only way they ask for a password is when you enter it into an online form, and if that form is not n the webpage you need, then you definitely won't enter it.

Cybersecurity is all about keeping certain data personal so that only the IT cybersecurity people can have access to such information. In most cases, that information is encrypted so that even the IT security team cannot see it. Banks are one of the most stringent in this aspect, and guess what, rightly so. No one is above suspicion of theft, even bank managers.

Now, you ask why I opened this article about cybersecurity, well its all to do with what was reported online about Uber drivers being scammed for their information which would give the other side access to the driver's credit/debit card data or access to their Uber app profile page. Either method would give the scammer access to the driver's financial sources. In fact, giving out credit/debit card data is one of the biggest mistakes anyone can make when not using them for online shopping or investment reasons.

Let's take a look at some of the scam's going around Uber drivers and give criticism and solution for each one:

Case #1:

Uber driver in Manchester was called by an Uber rep. and told to cancel the last ride since the passenger used a fake credit card. The driver was told to check the "do not charge rider" option. The rep then told the driver to "verify" her phone no. which she did, and then told to verify the amount in her Uber app account and to add a debit card.

Analysis:

  1. Uber does not call drivers
  2. Uber will never ask for your real phone no .and they do not need verification when calling you.
  3. They never ask for your income amount; ever, the amount has nothing to do with any verification process.
  4. They do not need you to add a debit card, the method you decide to transfer income is set when you create your Uber account. Never will an Uber rep ask you to add a debit card.

Conclusions:

The scammer needed the driver's real phone no. to complete their access to the driver's app account. During the process, the driver gave away her name, phone number and added into the account her debit card details, all of which enable the scammer to access her account and then withdraw money from her debit card directly.

Case #2:

A driver received a request from "Uber Technology Inc." and immediately thought it was from an Uber employee. Then the driver received a phone call, and the person introduced himself as the Uber staff that sent the request. The caller used the drivers Uber encrypted number and not their direct number. The person asked the driver to pull over and not drive will talking, and then asked for the driver's phone number for confirmation of identity. The caller than sent the driver a message asking for his Uber e-mail address used in the app and their password to confirm receiving a $200 bonus.

Analysis:

  1. Uber does not call drivers
  2. Uber will never ask for your real phone no .and they do not need verification when calling you.
  3. Uber will never send a message asking for a driver e-mail address and definitely will never ask them to send the password.

Conclusions:

The scammer needed the driver's real phone no. to be able to send an off-Uber app message. The scammer then went on to make a stupid mistake and ask for information that most rational people know is not done and in most cases is not even legal.

Case #3:

A driver in Chicago received a request from a passenger called Nestor. Nestor than calls the driver and asks him to pull over since it is a call from Uber's driver outreach. Nestor from Uber then told the driver to cancel the ride with a "no charge" and told him that he was receiving a $200 bonus for being above 4.5-star rating. The driver then got a text message claiming that if he sends his email address and password for confirmation, he will receive the bonus.

Analysis:

  1. Uber does not call drivers
  2. Uber will never ask for you to pull over and will never ask you to cancel a ride.
  3. Uber will never send a message asking for a driver e-mail address and definitely will never ask them to send the password.

Conclusions:

The scammer was unprofessional and stupid. The scammer made a stupid mistake and asked for information that most rational people know is not done and in most cases is no even legal.

The Scenario

As you can see the scene is simple and similar, someone identifies themselves as an Uber rep., asks for various bits of personal info which in most cases they should have if they are the rep. and do not need them for confirmation of identity. Passwords are the holy grail of cybersecurity, and it is a known fact that no one will ask for a password.

Passing on debt or credit card info is also not something done unless you called an online e-commerce presence and initiated the call. If you initiate a call to a sales rep of a website, then expect to be asked for charging details. However, if you receive d an email message with a website address in it, double check to see that the website is the official one and that the phone numbers are real too.

One of the biggest scams is the fake website/email link to website scam. Called Phishing, a phisher will try to get the unsuspecting victim to come online to a website that is identical to the official one. The big difference is that all the data and contact info go directly to the scammer.

The only way to prevent a successful phishing attack is to check out the source of the e-mail address and to check the link address. Then open the real site from your favorites or internet google search and compare the address links. Even the slightest deviation is a sign of an attack, for instance, the original Amazon.com can become Amazan.com or even Amazon.biz. whatever the difference, it is enough to be proof of a fake site and scam.

The scope

Uber is aware of the scope of these scams; they are global. In the US they have been reported from multiple drivers in New York, Chicago, Manchester, Houston, Tampa, Las Vegas, San Francisco, and states including New Jersey and Connecticut.

Uber has stated to the press that "the FTC has been tracking these types of 'imposter scams' for decades and our teams work closely with law enforcement to investigate these scammers. Uber periodically sends reminders to drivers via email and in the app to remind them of basic security practices that can help them protect themselves."

During 2016 a team of 13 scammers operating out of New York was apprehended and charged in November 2017 by the Department of Justice for allegedly stealing millions of dollars from Uber and Lyft drivers.

The problem will never be solved since there are always new scammers to replace the old ones.

My tips:

  1. Do not rely on Uber to solve a scam issue, its up to you to prevent it.
  2. Do not believe callers from "Uber," always reply by saying you are busy and you will call them back, and that they should give you their office phone no. and extension. This will stop the attack dead in its tracks.
  3. Never accept a text message from "Uber" that asks for your e-mail address, they already have it, they don't need to ask you for it.
  4. If you receive a message asking for your password, erase it immediately.
  5. Never give out your debit card details, unless you initiated the call to an online salesperson at a number you verified is true.
  6. If you are contacted, save the contact information if you can see it, and share it online in social media. Alert others to the fake numbers and addresses being used to scam drivers.

I always tell my friends not to believe any incoming calls or e-mails. Check the source first. Your tip no.2 is golden, it is what I do all the time. As for e-mail messages, check the e-mail enders address, and if it is only a name and not an address then open the address section up to see it. Uber and Lyft come from their uber.com and lyft.com sites, so anything else is not from them.