August 5, 2019

Uber, a company famous for cheap rides and a massive data breach in 2016.

And, with big names and data breaches come big scams; Uber is no exception to this rule. This week’s scam looks at a variant on phishing, SMiShing and how the famous brand of Uber is being exploited for ill-gains.

The Bring Your Own Device (BYOD) culture coupled with our love of texting is used by cybercriminals to commit cybercrimes, including ransomware attacks, data theft, account takeover, and general theft. SMiShing uses text messages instead of emails as a conduit for a phishing scam. The text message-based scam isn’t new, but it is an ever-present danger.

What does the Uber SMiShing Scam look like?

Uber scam

The Uber scam text message we received seems to be periodically doing the rounds. A quick check on Reddit found a number of similar scams.

The message is a simple one; it contains a four-digit “Uber code” with the advice to reply STOP to the phone number offered in the text message.

What could possibly go wrong if you send STOP to this number?

This scam is similar to an Uber text message scam that focused on New Zealand residents last year. The scam was a “Premium SMS Scheme”. If you use the number in the message to send STOP or send any message to the number, you will be charged for doing so; the fraudster then receives this money.

A quick google of the number in the text message found that it is likely a premium rate number that will make a charge against your mobile phone account if used.

Alternatively, this could be an attempt to access your account. When you set up an Uber account you receive a code which is used to confirm the phone number associated with the account.

How can you tell it’s a scam?

This particular scam is a tricky one to work out; it could turn out to be a real message from Uber. The company has recently been in trouble for spam messages, sending out many multiple messages to individuals, each containing an Uber Code. Uber is now being taken to court over similar, legitimate, text messages in a class-action lawsuit  – the Uber Text Message TCPA Class Action Lawsuit.

Even if this message is not a Premium SMS Scheme scam, it pays to be vigilant. The email addresses and phone numbers of 57 million Uber customers were breached in 2016. You can check to see if your email address has been involved in the Uber or other breaches using this tool: https://haveibeenpwned.com/

It is also worthwhile making sure your Uber password is a robust one. The Defence Works recommends using a mix of three or four memorable words together in a string – a passphrase, rather than a password. Use this alongside the requirement of the Uber password policy of including at least one number to your password. You can reset your Uber password using this link:


If you receive a message like this and have not been in the process of setting up an Uber account, be cautious.

You should delete the suspicious text message and consider reporting it to Action Fraud Online.

Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below: 

The Uber SMiShing Scam

A text message, which seems to be from Uber, should be viewed with caution. This may be a Premium SMS Scheme scam. The message gives you an Uber code and a phone number to reply ‘STOP’ to unsubscribe. Be cautious about using this number as it is likely a premium rate number and you will be charged if you use it.

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

To help combat cybercrime in your business sign up for a free security awareness training demo.

Share this: