Early this year, my Uber account was hacked by someone and money was
deducted from its connected Paytm wallet. I had raised this issue with Uber Customer
Care, but they were hopelessly indifferent in helping me. I will describe the
sequence of events that unfolded, so that you can beware and try to avoid
similar situations with your Uber account.
I use Ola Cabs as a cab hiring service frequently, but I have
also installed the Uber app and use it on the rare occasions when Ola cabs are not available.
For convenience I had also linked my Paytm wallet to my Uber account.
Warning-1
At one point I realized that for a while I had been getting SMS messages on my
cellphone, each with an OTP for logging into the Uber app, which I
had never requested. It did occur to me that maybe some hacker was trying to
make login attempts, but I thought that since the phone was with me, he would
not be able to succeed. I was also very busy in the office and did not get time to
log into the Uber app, which I seldom used anyway, and to check if everything was
okay in there.
Warning-2
I used to receive some emails from Uber which I used to
ignore, since I was not using their service frequently. After my account was
hacked and when I tried to investigate, I saw that Uber had once sent me an email saying
that the email ID in my Uber account was changed. But I had not changed it! When
I logged into my Uber account after my account was hacked, I could see that the
hacker had put in some other email ID (an email ID still beginning with the letters of my name “Rahu”…).
Warning-3
During my investigation I also found that Uber had sent me an
email telling me that my Uber account was logged in on a device in Russia! I had
not seen this email because I was not using Uber those days and hence did
not know about it.
Later, using the above IP address, I could check more about it on websites and also reported it as a scam on the website below:
Main Event
One evening while I was in the office, I received an SMS from Paytm
that an amount was deducted from my Paytm wallet. I was too busy to think about
it. After returning home, it came to my mind that on that particular day I
had not really used Paytm. So I opened my Paytm app and saw that the amount was
deducted as a charge for taking an Uber ride (which I had not taken). So I tried
to log into my Uber account, and when I logged into the Uber app, I found that all my
travel history was erased. There was not even a record of the trip which caused the money
deduction from my Paytm account!
Customer Care Help
Realizing there was something wrong, I called up the Uber
customer care. They checked the data from the backend and said that they were also not
able to see any travel history and they could not understand why my Paytm wallet
was charged by Uber (they were able to see that Uber had charged my wallet). But
they declined to help me and asked me to approach Paytm for reversal of the
transaction.
I reached out to Paytm with this request, but Paytm told me that
only the app which charged my wallet would be able to revert (credit the
amount) to my wallet. It is natural, just like it happens in banks. Once we
withdraw an amount from our account, we can’t ask the bank to “reverse” the
transaction. We need to make another transaction and deposit the money in
the account once again. Frustrated at the illogical suggestion by Uber customer
care, I called up the customer care once again. But there was a bigger surprise
to come!
While I was talking to Uber Customer Care, I
received an SMS that another amount was deducted from my Paytm wallet. I
checked and found that the hacker had taken another fake ride and charged my
wallet. Uber customer care once again declined to help, saying they could not
see any ride taken in my travel history, and they asked me to reach out once
again to Paytm!
I searched the internet to find any clues and found that
there is a practice of “Ghost Rides” that are taken by hackers using some other
person’s account. So it seemed that the hacker was from Russia (that is how my
account was logged into his device in Russia, as per Uber’s email) and he had
taken 2 rides in Russia using my account, and money got auto-deducted from my
wallet.
In the meantime, I did some transactions and emptied out my
Paytm wallet to make the balance amount zero. I also removed all linked wallets
and cards from my Uber, Ola and all other apps I could remember.
I sent a written complaint to Uber support, but every time they
just called me up and told me the same: that they won’t be able to help and I
had to ask Paytm to get my money back. After chasing them for several days, I
decided to quit. I deleted my Uber app and resolved not to use such an unsafe
and insecure app again.
The Lessons
The lessons I learnt from this episode are:
- Keep checking all SMS and emails that you receive from such apps, even if you are not using them actively
- Do not “save” card details or link wallets in apps which you do not use frequently. It is better to connect as and when needed
- Often the “cash” option is still the safest option
- Do not assume that the Customer Care will be able to help you; sometimes they are useless and apathetic
- Do not keep so many apps on your phone that you forget what all you have got. Keep the minimum ones which you use regularly, and for those apps which you use once in a blue moon, install when needed and uninstall after use
I hope my blog post describing my experience has opened
your eyes to this type of scam. You can also search the internet to know more
about such scams and be better prepared if anything wrong happens to you.
- Rahul Tiwary