Earlier this morning, I received an email from Uber with the subject header "Account Update", requesting me to verify my account information.
But there was something amiss with the email, although I couldn't put my finger on it. Thus, I decided to wait till I got to my laptop so that I could check through in detail.
Looks legitimate right? Here's the correct Uber URL for account info:
About half a year ago, I did indeed download the app and created an account, but moved to using GrabTaxi because I didn't want to be a victim of the many problems plaguing Uber users (fraud drivers, overcharged fares, hacked Uber accounts and paying for rides that you've never taken, etc).
However, I've not used Uber since. So it surprised me when I saw this email come in this morning on my phone. At first glance, it looked completely legitimate. These folks have clearly gone to great efforts to try to cheat undiscerning consumers.
However, when I opened up my mailbox on the computer instead, I discovered these major red flags:
1. Sender's email address is NOT from Uber.
Why would an email from Uber regarding account information come from another email domain that isn't theirs? Aren't automated emails usually sent by generic addresses (info@ or admin@ or support@ etc)? How come this seems to be an individual's email address? Who is this Ding Hoang from Jabil, and why is he sending me an Uber email?
2. The email has various grammatical errors.
There is a missing full-stop at the end of the second sentence. And why is "log on" spelt as "Log on" in the middle of a sentence? I seldom encounter automatic emails with such language errors, moreover so from a big company like Uber.
3. The account link is not hosted on Uber at all.
When I first opened the email link (uber.com) on my mobile phone, I didn't notice the disparity with the URL at all. But when I viewed it on my computer, I realized the uber.com link is a hoax - the actual URL is housed on Dropbox instead.
For what? Does this Dropbox store other users' account info who were tricked by your email?
4. Hacked Uber accounts are sold for profits on the dark web.
You've heard of users complaining about ghost rides. Now check out the report from the International Business Times covering this issue here, where hacked Uber accounts are being sold for higher than stolen credit card details.
Here's the original email below:
See the part in red - they even try to scare you by threatening a temporary hold on your account. I can only imagine all the time-pressed folks who would fall for this scam.
To all UBER users, please note and be careful. After all, you wouldn't want to fall victim and see an unexplained charge on your credit card later on, would you?