This morning Malwarebytes Labs received a scam masquerading as a security alert from Uber. The alert was pretty convincing and used the kind of language we’re used to seeing in genuine security emails and SMS messages. It read:
Your Uber account was recently logged into from iPhone in London. If this wasn't you, reset your password here: [URL redacted]
But what really caught our attention was that the fake security alert came from the phone number that the real Uber uses to send us messages. Of course that doesn’t mean that Uber has been compromised, or that somebody at Uber is running the scam—caller ID spoofing is easy and scammers use it to make their messages appear to come from Uber.
Because it spoofed the real Uber number, the scam security message appeared alongside all the real security messages we get from Uber.
The fake alert appears alongside real security messages from Uber.
We noticed that the message was a scam because the domain name (the part of the address that ends in .com) just didn’t look right. Although it contained the word “uber” it wasn’t the official Uber domain name, uber.com.
We looked it up and discovered the domain name had only been created today.
Creation Date: 2021-09-24T02:13:38Z
Because scam sites get shut down very quickly, scammers get through a lot of “burner” website names that live and die within days. Most company’s domain names have been around a while, so a very recent creation date is a big red flag.
Another quick check revealed that this absolutely brand new ..
Support the originator by clicking the read the rest link below.
