Lord777
Professional
- Messages
- 2,579
- Reaction score
- 1,510
- Points
- 113
Searching for fellow travelers on the Internet is a way to save money for both the driver and passenger. No wonder the French service "Blah-Blah-Car" quickly and easily caught on in Russia: after all, it's so great when you have the opportunity to make yourself better and help others.
Users of the service know that it is better to choose a driver who has been registered for a long time, and it is important to pay attention to reviews. The transfer of communication to instant messengers on this service was not alarming: right before the meeting, the person will already be driving, and prompt communication will not hurt. This is what the scammers played on. As a result, from a mutual aid service and a "green" project, "Blah-Blah-Car" turned into a fraudulent nest.
Scammers start new accounts or hack into the pages of drivers with a long registration period and a large number of positive reviews. They accept requests from fellow travelers on behalf of drivers. The seat is reserved, and the "driver" and the traveling companion get access to each other's contacts. The fraudster writes to the victim in the messenger, a conversation is started. The victim receives a link ostensibly to pay for the reservation (prepayment is prohibited by the service's rules, but not all users read them, and many can be deceived). Then the victim:
Signs of fraudsters:
There are four reasons for this:
Of course, the BlaBlaCar service has many opportunities for fraudsters that the service can fix. However, the user can also choose not to switch from the ad platforms to WhatsApp, set different passwords, and periodically change them. And in this situation, everyone decides for themselves whether to use the service that scammers have chosen, or not.
Users of the service know that it is better to choose a driver who has been registered for a long time, and it is important to pay attention to reviews. The transfer of communication to instant messengers on this service was not alarming: right before the meeting, the person will already be driving, and prompt communication will not hurt. This is what the scammers played on. As a result, from a mutual aid service and a "green" project, "Blah-Blah-Car" turned into a fraudulent nest.
Scammers start new accounts or hack into the pages of drivers with a long registration period and a large number of positive reviews. They accept requests from fellow travelers on behalf of drivers. The seat is reserved, and the "driver" and the traveling companion get access to each other's contacts. The fraudster writes to the victim in the messenger, a conversation is started. The victim receives a link ostensibly to pay for the reservation (prepayment is prohibited by the service's rules, but not all users read them, and many can be deceived). Then the victim:
- clicks a link from messenger to a phishing site
- leaves your bank card details there
- voluntarily sends the payment to the fraudster and confirms the transfer
Signs of fraudsters:
- the price is lower than the average, sometimes significantly: it is more profitable to deceive several people for a smaller amount than one, but large
- intruders don't agree to voice communication
- they quickly transfer the conversation to the messenger chat and send a phishing link there, which the built-in Blablacar messenger will not miss
There are four reasons for this:
Users dislike of following the rules
BlaBlaCar, like other services where people offer something to each other for money, has set a rule in the built-in chat: links are not transmitted there. Messages can be viewed by a moderator. If they see a violation, they can block their account. If the user complains, the service will review the complaint, and this requires correspondence in the chat. But we don't like to correspond in the built-in messengers.Lack of "digital culture"
For most Internet users (including those who register on Blablacar as a driver), it is normal to come up with one simple password and use it on all services in a row. This makes it easier for scammers to break into the account.Low security of driver's accounts
More and more resources are introducing two-factor authentication (confirmation of login via email or sms). In some cases, this security setting is a mandatory requirement. For example, Vkontakte puts group administrators in front of a choice: either you are an administrator with two-factor authentication, or you are without it, but you will only have access to your own group as a regular user. "Blablacar" does not provide such an opportunity to protect your account.Extremely slow response of the service to user complaints
"Blablacar" turned out to be a convenient resource for scammers, including because their costs for hacking an account are paid off more than once. It may take several months from the first complaint to the account being blocked. More than once there were cases when the activity of intruders was stopped only by the real owner of the account who visited the site after a long break.Of course, the BlaBlaCar service has many opportunities for fraudsters that the service can fix. However, the user can also choose not to switch from the ad platforms to WhatsApp, set different passwords, and periodically change them. And in this situation, everyone decides for themselves whether to use the service that scammers have chosen, or not.