Thousands of Uber Drivers Scammed Out of Millions of Dollars

CNET reports on what happened when a new Uber driver received a call from Uber telling him to cancel the trip and verify his account: The caller asked for his email. He gave it. The caller asked for his Uber account password. He gave him that, too, after a brief hesitation. Then the caller said to tell him the confirmation code he'd be receiving shortly via text. The driver told him the code once he got the text. This was the two-factor authentication needed to get into the driver's Uber account. "Nothing happened for the rest of the week," the driver says. "I didn't think anything of this again until Saturday." But in those following three days, the scammer had changed the driver's account settings and waited for the perfect time to withdraw money.... By Saturday night, his $653.88 in earnings from that week had been nabbed from his account...

Apparently the scam has hit thousands of ride-hail drivers, and millions of dollars have been diverted from their accounts, according to a lawsuit brought by the U.S. Attorney's Office in New York's federal court last November... [A] couple of key elements about Uber make it possible. When passengers hail a ride with Uber, they see the name of the driver and the car's make, model and license number, and they get an anonymized phone number to call the driver. All of this ensures passengers safely connect with the right driver. But it also makes it possible for the wrong people to see lots of information about drivers.
When one of the scam victims complained to Uber, he "was told he had to wait until Monday when he could talk to a representative in person at one of its driver hubs," although eventually Uber "agreed to credit the $653.88 back to his account as a 'one-time repayment courtesy.'"

Other scammers have gone after Uber directly, CNET reports, using GPS-spoofing apps to simulate long rides as "a way to pocket money via stolen credit cards, essentially using Uber as a makeshift money laundering service." Uber's data science manager spotted the fake rides because "weird" altitude coordinates indicated that the drivers were flying through the sky.

Really?

You'd have to be a moron to be an uber driver so this seems to match up well

Re:Really?

The caller asked for his email. He gave it. The caller asked for his Uber account password. He gave him that, too, after a brief hesitation. Then the caller said to tell him the confirmation code he'd be receiving shortly via text. The driver told him the code once he got the text. This was the two-factor authentication needed to get into the driver's Uber account.

So this story is really about Uber drivers being complete morons.

Re:Really?

[Calydor]

Pretty much, yeah. You'd think this story was from 1990 when good password management hadn't been drilled into the skulls of even the dimmest of dimwits yet.

You do not speak your password aloud, ever.
You do not send your password to another person, ever.
You most certainly do not read aloud the CONFIRMATION CODE that gets sent when someone has entered your password.

News Flash

[93+Escort+Wagon]

Some Uber drivers aren't particularly bright.

Re: Victim's fault?

Yes

Re:Victim's fault?

[gravewax]

The victims gave away there password and gave them their 2FA confirmation and then thought nothing of it till their money disappeared. I don't like Uber but fuck what more can you do to protect someone that voluntarily puts a gun to their head and pulls the trigger. YES it is partially the victims fault. This concept that you can't blame the victim when the victim is clearly a huge part of the problem is moronic.

Re:Victim's fault?

[duke_cheetah2003]

YES it is partially the victims fault.

Partly? BS. This is 100% victims fault. I mean, who gives away their login credentials AND 2FA to a stranger on the phone?

ZERO sympathy, sorry, this is the victim's fault. You don't get to cry foul if you open the door for the thief and point right to the valuables and say "I'll just be in the bathroom wanking off."

Re: This is not a scam

[Monster_user]

You don't get out much do you? At the very least you don't work in I.T. Computers are magic boxes that do many incomprehensible things like send random text messages. Its like magnets man, how do they work!?

Have you ever been faced with a completely incomprehensible thing, that you have been given instructions on how to operate it, but have no idea what to do when outside the standardized parameters of the day-to-day?

Have you ever been forced by progress itself to incorporate a mysterious and untrusted "blackbox" technology into your workflow simply to remain competitive and continue to bring home a salary? Or at the very least, have you ever been forced to incorporate or use tech you are not fond of?

Have you ever been in a foot race and finished behind the leader, as in not in first place? Perhaps not even in the top ten?

Do you typically score higher on Jeopardy than the contestants? Do you typically know more about medical science, bio-chemistry, and biology than your doctors? Do you typically know more about a vehicle than a highly paid mechanic? Do you have the ability to predict the weather with more accuracy than most meteorologists?

We are still introducing people to the technological developments of the past three decades.

Re:Victim's fault?

[Solandri]

Agreed. But it does bring up the issue that TFA codes probably need a warning placed alongside the code. "This code is for your personal use only. Nobody should ever ask you for this code. Never give the code to another person, even if they claim to be from [company] or [government]."

TFA is great, but not everyone understands how it works. And as a corollary, you shouldn't have to understand how TFA codes work in order to use them. Rather than putting a gun to your own head and pulling the trigger, a better analogy is putting a complicated piece of machinery whose function you don't entirely understand to your head. Such machinery needs to be designed with warnings and safeguards to prevent people who don't understand exactly how it works from hurting themselves.

Can you really blame them

[rsilvergun]

when we have stuff like this in America? Seriously, If I didn't know for a fact that that link is real and that somebody in a position of power made an argument against teaching critical thinking I'd have chalked it up to Poe's law.

What I'm saying is our education system and our society's values (at least in regards to critical thinking skills) failed these people. These aren't like climate change deniers for flat earthers or some such. They aren't choosing to be ignorant and dumb. They were either born that way or made that way.

The correct response isn't to laugh at them, it's to take pity and try to lift them out of their ignorance. Hell, you should do that even if it wasn't the right thing to do. These guys are dumb, yeah, but if you can talk them into giving up their Uber passwords imagine what a demagogue can talk them into. Where do you think dictatorships come from?

Re:It's been well documented that people under str

It is about taking responsibility for your mistakes and learning from it. If they never get blamed for it and always have people defending them and blaming others then they will NEVER learn from their mistakes. It isn't kicking someone while they're down when you are pointing out what they did wrong, NOT telling them is kicking them while they are down as they are destined to do it all again.