Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Internet Storm Center - SANS Internet Storm Center Internet Storm Center

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

Uber drivers new threat: the "passenger"

Published: 2017-07-24
Last Updated: 2017-07-24 17:57:00 UTC
by Renato Marinho (Version: 1)
2 comment(s)

This week I was told about a scam that surprised me due to the criminals’ creativity. A New York City Uber driver had his Uber account and day’s income was stolen by someone who was supposed to be his next passenger. 
While driving towards the passenger’s address, the Uber driver received a phone call from someone pretending to be from Uber. He told the driver that he knew he was on his way to get a passenger but it was necessary for the driver to stop and update his account data. Additionally, the driver should not worry about that run. Uber would compensate him and send another driver to pick up that passenger.

As the phone call came through the Uber app, the driver believed it to really came from Uber. The person on the other end of the call continued: “Please, I have to confirm your identity. Give me your e-mail address and phone number. Next, I’ll send you an SMS message and you’ll tell me the content.”. As expected, the Uber driver received the message and passed on the content.

It turns out that the message was sent by Google as part of the Uber driver's Gmail password recovery procedure. “Ok Sir, thank you for validating your identity. I’ve just updated your registration. Have a nice day.”—said the crook.

Now the criminals proceeded to reset that driver’s Gmail account and Uber password. The reason for that? Uber drivers that reach a certain earnings threshold for a day may ask Uber to transfer that day’s incomings to a pre-paid card number. That was exactly what the fake passenger did.

The crook’s social engineering approach is very cunning in the way that he/she created the privileged information used to entice the victim’s trust. In the end, that is just another way to exploit password recovery or two-factor authentication through SMS messages. Stay tuned.

Renato Marinho
Morphus Labs | LinkedInTwitter

Keywords: uber scam sms
2 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Another .lnk File
Jul 23rd 2017
1 day ago by DidierStevens (0 comments)

Black Hat is coming and with it a good reason to update your "Broadcom-based" devices
Jul 22nd 2017
3 days ago by Renato (2 comments)

Malicious .iso Attachments
Jul 21st 2017
3 days ago by DidierStevens (0 comments)

Bots Searching for Keys & Config Files
Jul 19th 2017
6 days ago by Xme (3 comments)

Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 ? Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
Jul 18th 2017
6 days ago by Bojan (0 comments)

View All Diaries →

Latest Discussions

Luxury Sofa for Sale in Dubai | Best Buy Sacs Online | UAE
created Jul 19th 2017
6 days ago by Anonymous (0 replies)

Suspicious URL http://ust-af-com showing up as denied on logs
created Jul 13th 2017
1 week ago by Anonymous (0 replies)

International visitors come in Morocco to discover New Places
created Jul 11th 2017
1 week ago by ericwatson239 (0 replies) needs IPv6 address
created Jul 10th 2017
2 weeks ago by Anonymous (0 replies)

Increased traffic hitting TCP Port 10224
created Jun 28th 2017
3 weeks ago by Brad (0 replies)

View All Forums →

Latest News

View All News →

Top Diaries

Wide-scale Petya variant ransomware attack noted
Jun 27th 2017
3 weeks ago by Brad (6 comments)

OAUTH phishing against Google Docs ? beware!
May 3rd 2017
2 months ago by Bojan (6 comments)

Massive wave of ransomware ongoing
May 15th 2017
2 months ago by Xme (10 comments)

Checking out the new Petya variant
Jun 27th 2017
3 weeks ago by Brad (6 comments)

Malspam with password-protected Word documents
Mar 21st 2017
4 months ago by Brad (13 comments)