I was going to post this to !vancouver@lemmy.ca, but I figured scammers might be trying this across the country.
My understanding is that scammers are making fake driver accounts, and then using social engineering to ask the user for their phone number. They then try to break into the account, and try to get the user to tell them the access code from the email by pretending it’s required for verification.
Helpful statement from Uber:
“Riders and drivers should never share personal account information, such as passwords or verification codes, with anyone. We take the security of users’ accounts very seriously, and if users believe they have been scammed, we encourage them to report it to us so we can investigate and take action,” Uber said.
Questionable statement from Uber, since they should probably investigate and ban the scammer?
“We ensure that the driver will be sent a warning for this incident. Drivers are sent warnings as well for high cancellation rates, and it’s in the best interest of all users that cancellations occur as infrequently as possible,” support told Mackay.
This is a fairly common scam that just happened to be done by an uber driver. This is why corps should never rely on email or sms for 2fa, it leads to uninformed people being conditioned to think a thing like this scam is normal. This same scam could be done by a package delivery driver, or just about any kind of “gig” worker who thinks they can get away with it.