Rideshare Account Hacker Faces up to 22 years in Prison

A man pleaded guilty to fraudulently opening rideshare and delivery service accounts using stolen identity information sold on dark web marketplaces.

Flavio Candido da Silva, 36, resident of Malden, Massachusetts, has pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft in a federal court in Boston.

The man is believed to be a leading actor of an 18-member team who stole identities and falsified documents to create false rideshare and delivery service accounts and then sold or rented them to other individuals.

Also Read: Vulnerability Management For Cybersecurity Dummies

The fraud scheme

The defendant obtained victim names, dates of birth, driver’s license information, and social security numbers (SSNs) on dark web marketplaces and used them to forge counterfeit documents.

The photographs used for circumventing the facial recognition checks used as protection measures in rideshare and delivery service provider systems were often taken directly by the actors.

For this purpose, the scammers intentionally caused a minor vehicle accident to exchange information with the victim or photographed the victim’s license while completing an alcohol delivery through one of the services.

“As a result of the scheme, Internal Revenue Service Forms 1099 were generated in victims’ names for income that conspirators earned from the rideshare and delivery companies,” reads the announcement from the Department of Justice.

In addition to the above, da Silva used GPS spoofing technology with bots to make it appear as if he was making deliveries.

This practice artificially increased his income and raised the amount of damages incurred to the victimized companies to about $200,000.

To prevent getting his accounts flagged for fraudulent activity, da Silva referred drivers to other co-conspirators and coordinated with them to ensure the submission of positive service feedback.

The sentence of da Silva and his co-conspirators will be announced on April 22, 2022. Wire fraud charges are punished by up to 20 years in prison, identity theft carries up to two years, while a fine of $250,000 or twice the gross gain/loss from the offense will also be considered.

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!

A large-scale problem

The activities of da Silva and his co-conspirators are just an example of a widespread phenomenon that has turned gig workers into hacking targets.

Ever since the start of the pandemic and the emergence of a broad gig worker economy, hackers have been trying to get their hands on the accounts of rideshare and delivery workers to steal their hard-earned money.

The internet is full of social engineering examples against rideshare workers who lost their accounts and balances to hackers. So if you’re working as one, be sure to enable multi-factor authentication on your accounts and be careful with who you share personal information.