With technology maturing, we receive a new convenience almost at a daily rate. Unfortunately, it has also created different ways for conducting illegal activities. Online service marketplaces like Uber & Airbnb are relatively new, and they have been on the receiving end of these fraudulent actions, left to foot the bill.
No one is exempt to these new schemes, as The Daily Beast published an article showing that Airbnb was easily exploited by using stolen credit cards and complicit Airbnb Rental Hosts, who agreed to “ghost booking” their properties to receive freshly laundered money. The notoriety of this scheme was revealed to even have included Paul Manafort, the former campaign manager for US President Donald J Trump, in his unsealed indictment papers.
Because Airbnb has a reach that extends beyond individual countries, being a multinational corporation, criminals can easily use this to their advantage to hide behind the enormous scope of the business itself. This tends to make it very difficult to pin an individual person or group down as the culprit(s). The checks and processes Airbnb has set up are not enough to funnel out illicit transactions versus genuine ones as they receive thousands of individual transactions per day.
Uber has been exploited in a similar manner as Airbnb, but the transaction process is a little more difficult to catch as opposed to Airbnb, with Uber operating at a much larger scale with many more Drivers and an exponentially greater amount of requests.
How the Uber Ghost Rides works:
Here are the details of an Uber Ghost Ride: The Uber Seller sets up a money laundering service in which they will advertise to the Deep Web or chats like ICQ seeking to book Uber drivers looking to increase their weekly pay-out. Then the two parties will coordinate the pickup, stops, and drop off points to garner a ride that will cost usually $100+. After this is all decided upon, the Uber Driver will then go to and wait for their request in a remote location until the Uber Seller and Driver are matched, the Uber Driver will continue the ride, usually running normal errands, all while on the clock of the Uber Ride-share.
Laundering money this way is also pretty simple: The Uber Seller may work with many individual drivers weekly and some even daily, amassing a large scale of business and profit. It is reported that some Dark Net Uber Sellers can create approximately $2,000 per day.
Then, after Uber takes its percentage from the ride, the Uber Driver(s) will split their pay-out (occasionally plus tip) with the Dark Web Uber Seller usually via cryptocurrency. Both parties come out a little bit richer.
These “ghost ride” positions are increasingly treasured — offering income at little to no threat of being discovered and zero effort. In fact, the jobs for Drivers are openly solicited even on clearnet online forums.
According to Melanie Ensign with Uber’s Security Team, they have identified the majority of the ring-leaders of the Uber Sellers, and the schemes usually are operated out of China or India. They’ve pinned down some persons giving orders in Atlanta to be based in an Indian city near the border with Pakistan.
The accounts used for ghost-rides are usually profiles with weak passwords that are hacked. Be assured though, all payment information stored with Uber is encrypted and hashed, therefore it prevents identity theft inside of the app itself. The Uber Sellers will swap out the stored payment credentials with stolen ones usually obtained via the Dark Web. In this process, the ride is paid with stolen money, while clean money is wired to the Uber Driver and the Uber Seller, leaving Uber to foot the bill for fraud.
The basis ecommerce is built upon is the ease of purchasing and selling goods and services at the convenience of the internet. The process is simple, just a few taps here and some typing there, and the deal is almost instantly completed. Creating an operation for money laundering is relatively as simple as the ecommerce process itself, with a little bit of know-how and guts to commit fraud.
The reality is that it is almost impossible to differentiate a legitimate transaction from a fraudulent one. And, every party from the Dark Net Seller, the app used to launder, the banks whom approve and disperse stolen funds, the processing company who is responsible for the transport of funds, to the receiving party who accepts funds all play a role and own a little responsibility.
The scariest fact is that ecommerce fraud is estimated to be approximately $200 billion in the United States per year alone, making it larger than most of the US’ most profitable industries. With the high volume of used apps like Uber & Airbnb, and the amount of potential still left for these apps to grow, that figure only stands to increase.