Kount LogoBLog Against FraudKount Logo

Phantom Ghost Rides

posted on: Fri Oct 27 2017

Perhaps you’ve heard the classic song Ghost Riders in the Sky? Well, there really are ghost riders. Except they’re not cursed cowboys. They’re cyber criminals wrangling mobile apps to leave rideshare fraud victims in the dust.

And while nearly 90 artists have recorded the Ghost Riders song, that number pales in comparison to all the different ways cyber bad guys can ride roughshod over innocent consumers and ride sharing providers. Here are just two of the most popular variations:Ride Sharing

#1 The Phantom Ghost Ride. This scam starts when cybercriminals steal login credentials from customers of ridesharing services and sell them on the Dark Web. Fraudsters can purchase these stolen accounts for as little as 50 cents each, although the cost can go as high as $6. In a variation on this tactic, fraudsters may also create multiple fake rider accounts using synthetic ID’s created using stolen Personally Identifiable Information (PII), also procured illegally from the Dark Web.

Next, the fraudsters create fake driver accounts, again using synthetic ID’s. And then it’s time for the fake driver accounts to charge the fake/stolen rider accounts for Phantom Ghost Rides. The fraudsters submit these fictitious “rides” to the rideshare company using use their fake driver accounts. Finally, the ride sharing provider submits requests payment to credit card processors from the accounts of unsuspecting victims (who rarely know their accounts have been compromised until it’s too late).

How big of a problem is this? According to Fortune's website, just one of the ridesharing services paid out between $1.5 billion and $2 billion to its drivers in just a single month. And while it’s not clear what percentage of this huge revenue stream has been lost to Phantom Ghost Rider schemes, fraud victims have logged Twitter posts such as these:

  • “I had a great ride in China this morning. Except, weird, I wasn’t in China this morning.”
  • “I am in Bangkok now. But my account showed I am riding in France.”

#2 The Phantom Ghost Referral. Another twist on ride sharing fraud exploits new rider referral promotions. Here’s how it works. A hacker will create a temporary phone number using one of various apps like Burner or NumberProxy. This bogus phone number is used to create the first fraudulent rider account, let’s say under the name of “Ira Crook.” 

The phantom Mr. Crook will then make referrals from this bogus account to “new” (but actually fake/fraudulent) accounts. Mr. Crook gets a $30 reward for each newly referred rider. And each new rider account gets a free ride—as well as the opportunity to refer other new riders. Criminal gangs made up of multiple fraudsters working in concert can make this scam spread like wildfire.

So what’s the protection or the cure? For consumers/riders:

  • Keep SMS notifications from your ride share provider set to ON.
  • Share your trip information via SMS/chat with a friend or family member to confirm the driver, destination and time of the trip.
  • Regularly verify your user profile from within the app.
  • Monitor your ride history, to make sure they are all authorized by you.
  • If you suspect you have been compromised, email your ride share provider ASAP. 

And for ridesharing services, the use of enterprise-class fraud prevention solutions like Kount Complete and Kount Access can provide the multi-layered antifraud capabilities that risk management analysts like Forrester recommend.

With account takeover attacks soaring—they increased 61% and generated $2.3 billion in losses last year—and 60% of overall fraud originating from mobile devices, stopping Phantom Ghost Rides can not only avoid huge customer service problems, but also prevent damage to your brand.

Find out how affordable and easy it can be to block fraudsters from getting access to your network: Read about Kount Access and click the gold button “Download Brochure” to read the Kount Access brochure. 

kount access.png