Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
A 36-year-old man admitted he was using stolen personally identifiable information (PII) purchased from dark web marketplaces to fraudulently create rideshare and delivery service accounts.
According to BleepingComputer, Flavio Candido da Silva, a Malden, Massachusetts resident, admitted guilt in a federal court in Boston to one count of conspiracy to commit wire fraud and one count of aggravated identity theft.
The man is suspected of being a key member in a group of 18 individuals who used stolen identities and forged documents to open fraudulent rideshare and delivery service accounts, which he then sold or rented to others.
How Did the Attack Happen?
The hacker managed to collect victim names, dates of birth, driver’s license information, and social security numbers (SSNs) available for sale on dark web marketplaces and misused them to create fake documents.
As explained by BleepingComputer, most of the time, the hackers were the ones to take the photos used to bypass the facial recognition verifications used as security measures in rideshare and delivery service provider systems.
In order to exchange information with the victim, the fraudsters purposefully staged a small car accident or took pictures of the victim’s license while making an alcohol delivery via one of the services.
As a result of the scheme, Internal Revenue Service Forms 1099 were generated in victims’ names for income that conspirators earned from the rideshare and delivery companies.
The individual from Massachusetts also used GPS spoofing technology with bots to trick the victims into thinking that he is actually making deliveries. His income has artificially increased as a result of this practice, and the amount of damages incurred to the impacted organizations has escalated to around $200,000.
In order to avoid having his fake accounts pointed out for fraudulent activity, Flavio Candido da Silva introduced drivers to other collaborators and coordinated with them to guarantee the submission of positive customer service reviews.
Da Silva and his co-conspirators’ sentences will be made public on April 22, 2022. Wire fraud is punished by up to years in jail, identity theft by up to two years, and a fine of $250,000 or twice the gross gain/loss from the offense will also be taken into account.
A Growing Trend
Unfortunately, since the beginning of the COVID-19 pandemic, cybercriminals have been attempting to hack into rideshare and delivery workers’ accounts to steal the money they’ve worked so hard to earn.
It is recommended that rideshare workers use multi-factor authentication on their accounts and be extra cautious with who they share sensitive information.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
