You have more to worry about than getting a crazy passenger or driver; Uber is the latest target for a new malware scam. This convincing app aims to trick unsuspecting individuals into revealing sensitive banking information by masquerading as a familiar, trusted app. Here’s how it works – and how to avoid becoming a victim.
The Setup: Details About the Malware
Scammers mimic an authentic app such as Google Play, Uber or What’s App in an attempt to get you to disclose your personal information. Since you likely already disclose your credit card or payment information to commerce sites like these, the cybercriminals hope you’ll add your information without realizing that the message or prompt you just received was a fake.
The malware attack begins with an innocent-seeming SMS message, which delivers an authentic-looking link from one of the targeted companies. Once you click on that link, your device begins downloading the malware package. Once installed, the malware will search through your device and attempt to locate a legitimate app that it can use. Once it finds a suitable application (right now, Uber, What’s App and Google Play have been targeted), the app creates a convincing login page designed to allow you to interact as you expect to. Once you’ve logged in, the app will prompt you to re-enter your sensitive details, including payment information.
Why It Works
This malware scheme tricks users into thinking they are interacting with a legitimate, trusted application. By pretending to be a legitimate site that simply needs details, and by only launching when a legitimate site is purposely opened, victims are tricked into believing that the page they are seeing is genuine. The same user who would never give away their credit card details via email or SMS will simply enter them into the device when prompted.
Don’t Be a Victim
This is a sophisticated piece of malware that is tough to detect once launched. According to PC World, only about 10 percent of the most commonly used security tools detected the malware at all. The best way to avoid this scam, then, is to avoid triggering it in the first place. Unsolicited SMS messages directing you to a link should be treated as suspect. In many of the recent cases, victims were lured to click on a link that promised package delivery details or shipping information. If you do click a link, be aware of any downloading that happens; setting your device to ask you for approval before download may help, but avoiding the link in the first place is the best way to avoid the Uber malware scam entirely.
QualityIP is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (330) 931-4141 or send us an email at info@qualityip.com for more information.