The Phishing Scam That Steals Driver Pay In Seconds

Uber Driver Scam

OK, an Uber driver showing up without a car and offering to carry you on his shoulders would be a super obvious scam and not the sort we are talking about here. 

Phil here.  Although Uber’s Instant Pay and (in the U.S.) Lyft’s Express Pay options have been hugely popular with drivers, there are some scams and fraud issues drivers should be aware of. Today, senior RSG contributor Christian Perea details what’s happening and how to avoid it.

More...

A new scam has been circling throughout the driver community over the last few months, and I want to warn you about it. It involves scammers attempting to gain access to drivers’ accounts on Uber and Lyft, switching out their payment information with their own, and then cashing out drivers earnings via Instant Pay or Express Pay into the scammer’s account.

The phishing attempt almost always involves a fake passenger request or someone posing as a Uber/Lyft employee to gain the driver’s trust. The result is that the scammer effectively steals the driver’s pay by “Express Paying” their own account, leaving the driver with no money for the week.

The phishing attempt almost always involves a fake passenger request or someone posing as a Uber/Lyft employee to gain the driver’s trust. The result is that the scammer effectively steals the driver’s pay by “Express Paying” their own account, leaving the driver with no money for the week.

WARNING: NEVER provide your personal information over the phone to anybody who calls YOU.

WARNING: NEVER provide your personal information over the phone to anybody who calls YOU.

We first heard about the scam with Lyft Express Pay around last September in Los Angeles. Since then, the scam has been slowly spreading through different locations, has begun to target Uber drivers through Instant Pay, and has increased in its frequency and sophistication.

We first heard about the scam with Lyft Express Pay around last September in Los Angeles. Since then, the scam has been slowly spreading through different locations, has begun to target Uber drivers through Instant Pay, and has increased in its frequency and sophistication.

Uber Driver Phishing Scam

The Scam Targets Your Login Credentials

The Scam Targets Your Login Credentials

The scam has several different angles of doing this. All of them involve someone trying to get into your driver account via phishing your information through social engineering.

It’s called “phishing” because the scammers are “fishing” for your information – calling you up and seeing if you’ll willingly give them information. If it doesn’t work with you, they move on to the next “fish.” “Social engineering” in this case means contacting you on a legitimate-to-you platform, like Uber, making it seem like everything is fine and lowering your defenses, with scammers hoping you won’t be too suspicious to give them your info.

Right now, most scammers are randomly requesting drivers through a fake Lyft or Uber passenger account. They then contact the driver via call or text and pretend to be an employee for HQ. There are various scripts they use to get you to believe them. For example, these angles range from “we need the code we just texted you to verify that you are really this driver” to “hey, you need to give me your password information in order to get your Power Driver Bonus.” See below for an obvious example taken from a thread on UberPeople:

Example of scam from a thread on UberPeople.net

All forms of this scam start with an attempt to gain entry into a driver’s account. Often, by asking the driver for the 2-factor code that gets texted to the driver, and sometimes by just directly asking for their login credentials over the phone.

<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<!-- RSG 02 -->

<ins class="adsbygoogle"

     style="display:inline-block;width:300px;height:250px"

     data-ad-client="ca-pub-3131491400622159"

     data-ad-slot="3085068204"></ins>

<script>

The scam has several different angles of doing this. All of them involve someone trying to get into your driver account via phishing your information through social engineering.

It’s called “phishing” because the scammers are “fishing” for your information – calling you up and seeing if you’ll willingly give them information. If it doesn’t work with you, they move on to the next “fish.” “Social engineering” in this case means contacting you on a legitimate-to-you platform, like Uber, making it seem like everything is fine and lowering your defenses, with scammers hoping you won’t be too suspicious to give them your info.

Right now, most scammers are randomly requesting drivers through a fake Lyft or Uber passenger account. They then contact the driver via call or text and pretend to be an employee for HQ. There are various scripts they use to get you to believe them. For example, these angles range from “we need the code we just texted you to verify that you are really this driver” to “hey, you need to give me your password information in order to get your Power Driver Bonus.” See below for an obvious example taken from a thread on UberPeople:

Example of scam from a thread on UberPeople.net

All forms of this scam start with an attempt to gain entry into a driver’s account. Often, by asking the driver for the 2-factor code that gets texted to the driver, and sometimes by just directly asking for their login credentials over the phone.

Plenty of Phishing

Phishing Site Example: A fake link is texted to the driver leading them to enter their login details to “qualify” for a fake bonus.

How to Avoid Getting Scammed

The first thing you should know is that Uber and Lyft employees almost never call drivers.

Anybody who reaches out to you from Uber or Lyft will NEVER ask for your login details, Social Security Number (SSN), a verification code, or any other personal details.

And again, Uber or Lyft employees VERY RARELY call drivers for any reason, and they don’t call drivers to offer them money or a bonus. Most drivers will never even speak to an employee unless they happen to drive one.

Uber's Advice

  • Do not share your personal information (phone number, email address, password, SSN, credit card, or two-factor verification code) with anyone over the phone or text message. Uber will never call to ask for this information.
  • Never enter your Uber account information on websites other than uber.com.
  • Only use your Uber verification codes in the Driver/Rider App or on uber.com.
  • When in doubt, visit a Greenlight Hub or contact Uber’s support team in the app before sharing any information.

Seems like pretty standard stuff. Lyft provided similar advice as well. It all boils down to not giving  your information to random people over the phone. Uber or Lyft will never ask you to opt-in to a bonus via text message, or even through a website that is not part of their domain.

If you’re not sure, look at the website address. Uber’s legitimate website is: https://www.uber.com/. Not: Uberbonusride.com.

What Are Uber and Lyft Doing To Help Drivers?

I reached out to both Uber and Lyft to see how they are handling the new wave of payment fraud. Here is what Lyft said:

“We are reimbursing all drivers who were impacted by the recent Express Pay phishing scam. At Lyft, safety is our top priority and we have implemented a number of safety measures and anti-phishing rules to further protect our Lyft drivers.” – Lyft Spokesperson
Meanwhile, Uber made the following statement:

“Uber uses several prevention techniques, including two-factor authentication, that make it harder for scammers to target drivers through traditional methods. We also work closely with hosting companies to take down phishing websites and compensate drivers who fall victim to these scams.” – Uber Spokesperson

New Security Features
Even though both companies talk about having multiple steps for identity verification to gain access to their account, drivers complain there is little to stop someone from changing out payment information once they access Express Pay or Instant Pay. Right now, Uber is paying driver-victims their original earnings as a one-time courtesy. However, one of the drivers from the same UberPeople.net thread claimed he has been waiting two weeks to get reimbursed:

Victorvnv has been waiting 2 weeks to get his money back.
I’ve spent the week looking through forums and groups for victims of these scams. For example, drivers claim they did not know their payment details were changed after they fell for it. This caused a lot of frustration because the victims didn’t know it was simply so easy to switch payment details.

However, Uber now has placed a 72-hour hold for new debit cards that are added or switched on Instant Pay. It seems like Lyft has also begun to do the same thing. So just know that if you change your payment details on either Express Pay or Instant Pay, there may be a “holding” period now to verify that the account information matches up.

Who’s at Risk For These Scams?

These scam attempts might seem kind of obvious, but many drivers may not be aware of how Uber and Lyft operate and may be more susceptible.

Newer drivers may be likely to believe someone from Lyft or Uber corporate HQ would take the time to call them for anything. Experienced drivers know that Uber and Lyft employees tend to avoid calling us to check-in unless a passenger has complained. On top of that, those in the middle of driving may risk not doing their due diligence to verify the call from HQ is legit, thinking they need to obey the fake “employee” to avoid deactivation.

For other drivers, English is a second (or third) language. Other drivers may not be up to date on the latest technology trends. Think of all of these factors and you can begin to see how a driver falls for this scam.

Note: A lot of these scammers will try and get you excited about ‘extra earnings’ or ‘special bonuses’ so you’re more willing to give your information up.

My Thoughts

I think we should treat our driver profiles and accounts the same way we treat our bank accounts. Never provide ANYTHING personal over the phone that can allow access to your account. The very first of these things is your email and password. Just ask yourself “Can someone use this information to access my account?”

Aside from that, any system that can “chuck” money into a bank account “instantly” is a ripe target. Scammers can do this in a few seconds, so the reward is high for them. Right now, most of these scams seem to be very preventable. So again, do not give your information to people who call you while you drive.

My other advice? Try to keep them on the phone as long as possible so you can collect the cancellation fee.

If you would like to have your faith restored in humanity after reading this article, here is a video of an 80 year old woman scamming a scammer for $50.

Readers, have you been a victim of this scam or has someone tried to scam you while driving? Let us know in the comments.

mm

Phil Lancaster

Click Here to Leave a Comment Below

Leave a Reply:

wp-puzzle.com logo