Showing posts with label uber. Show all posts
Showing posts with label uber. Show all posts

Thursday, August 15, 2019

How my Uber Account was Hacked and Money Stolen from my Paytm Wallet


Early this year, my Uber account was hacked by someone and money was deducted from its connected Paytm wallet. I had raised this issue with Uber Customer Care, but they were hopelessly indifferent in helping me. I would describe the sequence of events that unfolded, so that you can beware and try to avoid similar situations with your Uber account. 

I use Ola Cabs as a cab hiring service frequently; but I have also installed Uber app and use it in the rare occasions when Ola cabs are not available. For convenience I had also attached my Paytm wallet with my Uber account. 

Warning-1

Once I realized that I had started getting SMS on my cellphone for a while, which came with an OTP for login into Uber app; which I had never requested. I did occur to me that may be some hacker was trying to make login attempts; but I thought that since the phone was with me, he would not be able to succeed. I was also very busy in office and did not get time to log into Uber app which I seldom used anyway; and to check if everything was okay in there. 

Warning-2

I used to receive some emails from Uber which I used to ignore; since I was not using their service frequently. After my account was hacked and when I tried to investigate; I saw that Uber had sent me email once saying that my email ID was changed in my Uber account. But I had not changed it! When I logged into my Uber account after my account was hacked, I could see that the hacker had put some other email ID (email ID still beginning with letters of my name “Rahu”…). 



Warning-3

During my investigation I also found that Uber had sent me an email telling me that my Uber account was logged into a device in Russia! I had not seen this email because of I was not using Uber those days and hence did not know about it. 


Later, using the above IP address, I could check more about it on websites and also reported it for scam on below website: 


Main Event

One evening while I was in office, I received an SMS from Paytm that an amount was deducted from my Paytm wallet. I was too busy to think about it. After returning to home, it came to my mind that on that particular day I had not really used Paytm. So I opened my Paytm app and saw that the amount was deducted as a charge for taking Uber ride (which I had not taken). So I tried to log into Uber account and when I logged into Uber app, I found that all my travel history was erased. Even there was no record of that trip which caused money deduction from my Paytm account!


Customer Care Help

Realizing there was something wrong; I called up the Uber customer care. They checked the data from backend and said that they were also not able to see any travel history and they could not understand why my Paytm wallet was charged by Uber (they were able to see that Uber had charged my wallet). But they declined to help me and asked to approach Paytm for reversal of the transaction. 

I reached out to Paytm with this request, but Paytm told me that only the App which charged my wallet would be able to revert (credit the amount) to my wallet. It is natural; just like it happens in banks. Once we withdraw an amount from our account, we can’t ask the bank to “reverse” the transaction. We shall need to make another transaction and deposit the money in the account once again. Frustrated at the illogical suggestion by Uber customer care, I called up the customer care once again. But there was a bigger surprise to come!

As I was talking to Uber Customer Care, in the meanwhile I received an SMS that another amount was deducted from my Paytm wallet. I checked and found that the hacker had taken another fake ride and charged my wallet. Uber customer care once again declined to help, saying they could not see any ride taken in my travel history and they asked me to reach out once again to Paytm! 

I searched the internet to find any clues and found that there is a practice of “Ghost Rides” that are taken by hackers using some other person’s account. So it seemed that the hacker was from Russia (that is how my account was logged into his device in Russia – as per Uber’s email) and he had taken 2 rides in Russia using my account; and money got auto-deducted from my wallet. 

In the meanwhile, I did some transactions and emptied out my Paytm wallet to make the balance amount zero. I also removed all linked wallets and cards from my Uber, Ola and all other apps I could remember. 

I sent a written complain to Uber support but every time they just called me up and told me the same – that they won’t be able to help and I had to ask Paytm to get my money back. After chasing them for several days, I decided to quit. I deleted my Uber app and resolved not to use such an unsafe and insecure app again.


The Lessons

The lessons I learnt from this episode are:
  1. Keep checking all SMS and emails that you receive from such apps; even if you are not using those actively
  2. Do not “save” card details or link wallets in apps which you do not use frequently. It is better to connect as and when needed 
  3. Several times “cash” option is still the safest option
  4. Do not assume that the Customer Care will be able to help you; sometimes they are useless and apathetic 
  5. Do not keep so many apps in your phone that you forget what all you have got. Keep the minimum ones which you use regularly and for those apps which you use once in a blue moon, install when needed and uninstall after use
Hope my blog post describing my experience would have opened your eyes to this type of scams. You can also search the internet to know more about such scams and be better prepared if anything wrong happens with you.

- Rahul Tiwary


Tuesday, December 9, 2014

Uber Banned in India for Right Reasons



In India, because we were ruled by corrupt parties/politicians in the past, we developed an attitude which said, "if govt has done something, it must be wrong." This theory explains why as soon as we heard about any decision made by govt, our first reaction was, "it is wrong". After recent crime in Delhi by its driver, govt banned Uber. Since Delhi is under central control, opposition got chance to target BJP/Modi govt over it. But if we care to read the news, Uber was banned for right reasons.

Uber does not even have a call center. No emergency number passengers can contact. Also no police verification for drivers. No permit for rent-a-cab. Uber also violated RBI's guidelines on its payment service. The only problem is that it was not banned before and banned only after something horrible happened.

Delhi is too important a place for Govt not to be knowing about this service. They should have banned it from the beginning until it complied with the rules. And we should thank govt for taking actions like these - if govt continues like this, all companies will become responsible in maintaining safety services for us. This ban shows, that govt is decisive, it took big decision to ban companies because of one incident of rape. In the past what was govt's attitude? "It is only one case", "it is exceptional case" etc etc..  and now? We shall ban a company if they fail in maintaining safety features for women. We should note this change in attitude by the govt and we should appreciate it.

And if we think that only a poor and uneducated country banned it in one state - we should know that others like Spain have done it too for same reasons:

Uber banned in Spain & Thailand, sued in Portland, hassled in Rio
On Tuesday, both Thailand and Spain banned Uber. You know the drill by now: The company’s drivers don’t have taxi permits and/or insurance, and the authorities have had an earful from furious cab drivers who do have to pay for such things. Yesterday it was authorities in Delhi that told the firm to stop operating locally, after an Uber driver allegedly raped a passenger. Meanwhile, the cities of Rio de Janeiro in Brazil, and Portland, Oregon, have also told the firm to stay off the roads (via police complaint and lawsuit respectively), and an Uber driver in San Francisco has been charged with misdemeanor vehicular manslaughter for driving over and killing a six-year-old girl.
https://gigaom.com/2014/12/09/uber-banned-in-spain-thailand-sued-in-portland-hassled-in-rio/
Also at: http://www.bbc.com/news/business-30395093

Also, I wonder why we (people like us) also did not notice the potential threat. Many people in our office were using this service; they were giving away some code to get Rs 300 discount on Uber app; no one thought that absence of an emergency number or even a call center could be security threat... Uber's marketing was so strong that people did not doubt it or expected anything wrong from Uber's part.. Media was busy writing articles about Uber's Mercs and BMWs and at the most about its payment service which saved customers' credit card numbers (as if we did not want to burn calories in swiping our cards every time). If this is to indicate, we must do safety audit in many other sectors and services too...


Disclaimer: Views expressed are personal and do not reflect views of any organization author is associated with.