Mastodawn

🚨PSA: Uber Eats Scam🚨

There’s a scam being run on Uber Eats and I got hit.

* Brand new bicycle delivery “driver” acct
* They use GPS spoofing to fake being at the dropoff
* They message you once, then ignore you for 30 minutes
* Can’t call, their phone number is fake
* They mark your order delivered
* Uber support instantly dismisses it
* Can’t call Uber, no phone #

This WaPo reporter was scammed twice and wrote a summary:
https://nitter.net/chrisd9r/status/1666900028848308224

🚀 and/or tell ppl to stop using Uber Eats

Chris Dehghanpoor • chrisd9r.bsky.social (@chrisd9r)

Anatomy of an @UberEats scam: Bike courier "picks up" order. They idle @ pick up spot after picking up. 10-25 min later, GPS suddenly shows they're @ delivery location. Order's "delivered" - but nowhere to be found. Here's how it works & why it's bad for drivers & customers

Nitter

Landon Epps Jun 14, 2023

I hate that this looks like an engagement tweet, but I feel like the message here is super important and non-tech people won’t understand the GPS spoofing part of the scam unless they’re already aware of what it looks like.

Landon Epps Jun 14, 2023

Here’s my full writeup that I shared with the reporter

Mike Nichols Jun 14, 2023

@landonepps Any good articles/videos on how scammers are able to spoof GPS for something like this? I've never heard of it, but now I'm curious.

Landon Epps Jun 14, 2023

@mikenichols Whatever I got hit with is probably not public. I know Uber tries to detect this, so I’m guessing the scammers are using a new exploit.

But here’s one for iOS: https://github.com/Schlaubischlump/LocationSimulator

I think the scammers are most likely using a rooted Android device or a hacked app.
Here’s some Android apps that people are selling(?) that do gps spoofing:
https://youtu.be/hfos8ZpLIl8
https://youtu.be/6_IqzZCCqOw

GitHub - Schlaubischlump/LocationSimulator: MacOS application to spoof / fake / mock your iOS / iPadOS or iPhoneSimulator device location. WatchOS and TvOS are partially supported.

MacOS application to spoof / fake / mock your iOS / iPadOS or iPhoneSimulator device location. WatchOS and TvOS are partially supported. - GitHub - Schlaubischlump/LocationSimulator: MacOS applica...

GitHub

Mike Nichols Jun 14, 2023

@landonepps Ah! So they're liking creating their own app/web-service that uses Uber's APIs? Obviously we don't know for sure, but I was thinking they were still using the Uber app itself somehow.

Landon Epps Jun 14, 2023

@mikenichols I’m not entirely sure. It looks like the Android examples I found are a separate app that sets the gps location in the OS and this gets passed through to the actual Uber app.

But it’s also possible that they also patched the Uber app to remove spoofing detection. I don’t think it’s purely a hacked Uber app because that would be incredibly hard to implement.

Mike Nichols Jun 14, 2023

@landonepps Ah I see, yeah it would be really hard. This is really interesting though, thank you for sharing the details! I'm no security expert, but I've always been curious about what we/companies can do to prevent scams. There are so many!

@landonepps scammers and grifters leverage trust and accountability issues in clown services. Whodathunk!

Ted Rogovein Jun 14, 2023

@landonepps Wow. Stupid decision by Uber. And a warning not to use the service.

The IT Nerd Jun 14, 2023

@landonepps
Thank you for surfacing this. I will be writing a story on this and will post this shortly on both Mastodon and even the bird site to get the word out.

Kevin Hayes Jun 14, 2023

@landonepps @leigh Note in situations like this, you can call your credit card company and ask for a chargeback.

Landon Epps Jun 14, 2023

@kevinbhayes @leigh I’ve gotten burned pretty badly by doing a chargeback before, so I’m a bit hesitant to.

I had purchased some software but never received the license key or any response after trying to contact the dev for multiple months so I requested a refund on PayPal.

fastspring.com, the e-commerce platform, shadowbanned my account and the error message they gave me was about my payment method being invalid. I was confused because nothing I tried worked.

Landon Epps Jun 14, 2023

@kevinbhayes @leigh FastSpring also seemingly blocked me from getting support, because they wouldn’t respond to any of my emails.

It wasn’t until I reached out to the dev for LaunchControl 2 (great Mac app, btw), who reached out to FastSpring on my behalf, that I found out my email had been blocked because of the chargeback.

> “As far as we can see this customer has issued a Chargeback with a different seller before. That is the reason we do not accept payments from him.”

Landon Epps Jun 14, 2023

@kevinbhayes @leigh Robby, the LaunchControl dev, fought for me and finally got them to remove the block, but this took up so much of my time that it really wasn’t worth the $30 or whatever I got back from PayPal.

Leigh Honeywell Jun 14, 2023

@landonepps @kevinbhayes yeah, chargebacks against platforms like Uber, Amazon, etc are only worth it if you’re ok never using the platform again - they will ban your account. Pretty common misunderstanding of the process, I’ve seen

Krupo Jun 18, 2023

@landonepps @kevinbhayes @leigh the secret is to rely on chargebacks from your credit card company rather than PayPal

I had the Italian train company literally shrug at me when they double charged me for a ticket and I tried to fix it on the spot while on vacation.

Submitted the evidence to my credit card company. Charges reversed.

Kevin Hayes Jun 15, 2023

@landonepps @leigh yikes, I’m sorry to hear that.

Aviel Jun 14, 2023

@landonepps The answers you got from Uber in chat are so robotic and annoying 😳 and pretty crazy they were just like “ok we’re done here bye” it looks like you were talking to ChatGPT trained to answer any message with some variation of “we are sorry, we are not helping”…

Landon Epps Jun 14, 2023

@aviel Yeah I honestly couldn't believe how bad support was. I sent them screenshots of what happened and they just ignored me and my request to escalate and hung up.

I had to take it to Twitter and continuously tag Uber support along with screenshots of how bad my support experience was for someone from “Priority Support” to reach out and actually help.

Crazy that I had to make a fuss on social media for anyone at Uber to care. I’m reporting fraud on their platform and they just don’t care.

Aviel Jun 14, 2023

@landonepps “Don’t go to the press - it never helps” sureeeeeeeeeee

Landon Epps Jun 14, 2023

@aviel I got super lucky that a Washington Post reporter picked up on it and wrote that thread. If he hasn’t done that I’m not sure Uber would have responded at all. I don’t have a ton of followers, and unlike Mastodon where all my followers are guaranteed to see my posts, the algorithm can just suppress them.

Matt Savener Jun 14, 2023

@aviel @landonepps I suspect every one of these replies is AI. It should have escalated to a human at two different points here and didn't.

I saw a story from WaPo recently that Uber Eats takes the smallest cut of all the delivery services, so maybe this is why.

Aviel Jun 14, 2023

@msavener @landonepps Omg this is so bad

Isobel Ardent Jun 15, 2023

@aviel @landonepps I was thinking the same thing, the responses were so heavily scripted and inflexible, it sounded like an AI interaction.

Dane Deasy Jun 14, 2023

@landonepps @brentsimmons don’t use food delivery apps

Landon Epps Jun 14, 2023

@danedeasy @brentsimmons I certainly won’t be using Uber Eats anymore. Sadly I still have to use delivery apps because my company does our work lunches through GrubHub.

@landonepps the easiest/best solution in this situation is file a credit card dispute (if you paid with a credit card). Most likely the amount in dispute isn't even worth the bank's time to investigate so they'll just automatically decide in your favor (and of course, if they do investigate, they'll also decide in your favor). The only potential downside is that Uber may block you as a customer if they get hit with a chargeback from your bank.

Landon Epps Jun 14, 2023

@MarkWillard I wanted it to be my last resort because, as much as I never want to do business with Uber again, in some US cities it’s the only practical way to get around.

I’ve had a bad experience dealing with the repercussions of a chargeback before and I don’t want to be banned by Uber for life. Especially because, after this experience, I think their customer service would just ignore me instead of saying “that chargeback was reasonable, I’ll unblock you”
https://mastodon.social/@landonepps/110542884710303142

Krupo Jun 18, 2023

@landonepps @MarkWillard I mean you could always set up a new account down the road if you really needed to go back to them.

Mike Rodriquez Jun 14, 2023

@landonepps presumably you can dispute the charges w/your card company, but what a PITA.

Jef Poskanzer Jun 14, 2023

@landonepps The only people that gig companies treat worse than their workers are their customers.

@landonepps is this why I've been getting codes to verify an Uber account I never made?

Landon Epps Jun 14, 2023

@Sqaaakoi Possibly? The Washington Post reporter seems to think these scammers are creating a bunch of accounts with stolen identities.

@landonepps Is there any way to avoid this? You can't reject a driver, can you? I don't remember ever seeing that in the app, but I've never looked.

Steve Oh 🇺🇸💙✊🟰🗽🇺🇦Jun 14, 2023

@landonepps - I’ve never used them, never will!

Matt Zagaja Jun 14, 2023

@landonepps This happened to me on Sunday. I have contacted Uber support 3 times and they refuse to provide an email or mailing address for their legal team to receive a demand letter.

Landon Epps Jun 14, 2023

@mzagaja For the record, it’s almost certainly [email protected]. I found it listed on their Japanese site.

You can also try calling 1-800-314-2308 or 1-800-253-9377.

Kévin ⏚Jun 14, 2023

@landonepps @mzagaja expect it to not work, their listed [email protected] mailbox doesn't exist either so I had to send the complaint to the CNIL instead

Matt Zagaja Jun 14, 2023

@kc @landonepps thanks both. I filed an official complaint with the Mass AG's Office and did finally find a registered agent snail mail address in the Mass Corporation database so will likely send a 30 day demand letter under Mass Consumer Protection act certified mail to there. Would think email would save them time, but guess the harder they make this, the more money they can keep in their pockets.

Landon Epps Jun 14, 2023

@mzagaja @kc Are you in Boston, too? When I searched Twitter to see if anyone else was hit by this same scam I found someone with the exact same experience. When I checked their screenshots, it turned out they had ordered from a five guys just down the street from me.

This can’t be a coincidence. I’m guessing there’s a group that is running this scam in Boston.

Matt Zagaja Jun 14, 2023

@landonepps @kc Yep, the order was from the McDonald's at South Station. Only the smartest scammers here in nerd city. 🙃

Landon Epps Jun 14, 2023

@mzagaja @kc I think we’re onto something here. The person I found ordered from the five guys right by South Station, too: https://nitter.net/kilosaur/status/1662637988344389633#m

Hippups (@kilosaur)

@UberEats @Uber_Support I don't know how #Ubereats customer service can be so atrocious. No food received = No refunds??😡The only people eating are the scam couriers that Uber Eats does nothing about. Can't DM either. May finally be time to switch to another delivery service.😡

Nitter

Matt Zagaja Jun 14, 2023

@landonepps @kc wow. The delivery person's name was "crystal" and they had a picture. No photo in the delivery confirmation spot. Said they were on their way and it started a timer. GPS showed them outside my door, but nobody was visible. I texted them "where are you" and got no response. Calling their number said it was "disconnected” by Verizon.

Landon Epps Jun 14, 2023

@mzagaja @kc Word for word what happened to me except the “driver” had no pic. Feel free to include me in your complaint if you feel it’ll help somehow.

Chris Dehghanpoor Jun 15, 2023

@mzagaja @landonepps try [email protected] - that's their head of customer operations.

Michael Porter Jun 14, 2023

@landonepps @leigh Something tells me the person at the other end of that "live" chat isn't a live person.

Quenby Jun 15, 2023

@MichaelPorter @landonepps @leigh
I felt the same, but it's also possible that they have been trained to just keep repeating the same thing as an attempt to de-escalate. It doesn't work but it sometimes makes peope go away. It's also possible that they have to stick to a script when someone is upset.

I feel like somewhere between the person and what they typed is some kind of thing though even if I can't figure out what the thing is.

The only thing that seemed like a real person there was the "if I were you I'd feel the same" which is nothing would ever expect to see in any training, call center script.
Nor would any responsible or ethical person would allow on a chat bot.

However, responsible and ethical is not a standard I think means much to a company like that.

DΛNIEL TʘMΛN Jun 14, 2023

@landonepps ugh, fuck uber. I’ve rage deleted the app more than once over their bad service and utterly indifferent support. never going back.

DΛNIEL TʘMΛN Jun 14, 2023

@landonepps @zachnfine not to mention their dirty manipulation of the ballot in California and elsewhere. evil, evil company.

Anguirus Jun 14, 2023

@landonepps in my experience, UberEats is the only app in which I have had any success with accountability. If that’s changed, I’ll have to change services again.

krez56 Jun 14, 2023

@landonepps If Uber Eats is aware of the scam, it seems it should be easy to check with the restaurant that the food was picked up. Or add a safeguard that the restaurant checks off that the food was picked up.

Steve Jun 14, 2023

@landonepps @geekgrrl typical chat experience from them. Had similar brush offs from Just Eat about a rider who threatened me and Deliveroo over various errors. But those weren’t scams. This is a worrying development. Thanks for sharing

Earthling Jun 14, 2023

@landonepps The other scam is people using delivery platforms that routinely practice wage theft and dramatically cut into the restaurants’ bottom line, resulting in higher prices for all customers.