Slide background



Get Your Tickets Now

Slide background



Uh oh!! Details inside!!

Melanie Ensign with Uber’s security team says the ringleaders for these schemes usually operate out of China or India. The person giving orders in Atlanta appeared to be based in an Indian city near the border with Pakistan.

That person uses online chat groups and other social media to reach out and recruit Uber and Lyft drivers for the scheme. Uber says that part is key, because if there are no drivers willing to participate – there is no scheme.

Once on board, the drivers can say where and when they want to take a ride, allowing them to make money on everyday errands or even long distance trips they were already planning to take for personal reasons.

Ensign says the ringleader overseas initiates the ride by hacking into existing Uber accounts. Uber says credit card and personal information are encrypted, so there’s no concern about identity theft, but weak and leaked passwords are allowing crooks to manipulate the service.

People usually never even know their account has been hacked because their credit card information gets swapped out with a stolen card to pay for the ride. The industry calls this acupuncture because the ride request is made right where the driver is located – ensuring they get the gig.

Once the driver makes it to the destination, the man in India gives the driver a good review and a tip with the understanding that 40 percent of all money made will get wired back.

Essentially, stolen money pays for the trip. Clean money gets wired back to India.

“If you look on the dark web where personal information is being bought and sold by a criminal, credit card numbers are incredibly inexpensive,” said Ensign.

While Uber says it’s the company that foots the bills for fraud, consumers have the headache of proving they didn’t take the ride and clearing their name.

Patrick Kelley, the chief technology officer for Critical Path Security, said welcome to modern day money laundering.

“I guess I was stuck between ‘Wow, this is a thing,’ and ‘how ingenious’,” said Kelley. “It may seem like just a little bit of money per transaction. But if you’re looking at this exponentially, then it adds up pretty quickly.”

Already, crooks are trying to skim more out of the deal using Uber Eats to place fake food orders. In this scheme, a restaurant agrees to receive a food order but never makes anything. The driver shows up, picks up nothing, but drives to another spot pretending to drop it off anyway.

Kelley said schemes like these can be used to launder money from more than credit cards. He pointed to ransomware payments, drug trafficking, human trafficking, and even money from child exploitation.

It’s not just Uber. During this investigation, we met one driver with Lyft who admitted to taking ghost rides for weeks.

A spokesperson for Lyft said they have security measures in place to prevent this kind of activity, as does Uber. Sometimes the companies say they allow the rides to take place to determine who else might be involved.

Both Uber and Lyft said the account of any driver involved in fraud is eventually terminated and they warn that drivers could face charges for wire fraud.

No comments