Toronto woman wrongly billed for Uber ride in Poland says she feels 'violated' - Action News
Home WebMail Saturday, November 23, 2024, 07:34 AM | Calgary | -12.2°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Toronto

Toronto woman wrongly billed for Uber ride in Poland says she feels 'violated'

A Toronto woman is speaking out after she says she was billed for an Uber ride ordered on her account by someone thousands of kilometres away in Warsaw, Poland.

'I kind of felt a little bit violated, like someone else was impersonating me in an Uber'

Laura Hesp was at home in her apartment on Adelaide Street West on Monday, when she says she received a text saying an Uber driver would be there to pick her up in five minutes. The problem: she never ordered one. (CBC)

A Toronto woman says she feels she was taken for a ride after beingbilled for an Uber tripordered on her account that she didn't take 7,000 kilometresawayin Warsaw, Poland.

Laura Hesp was at home in her apartment in Toronto on Mondaywhen she says she received a text saying an Uber driver would be there in five minutesto pick her up. The problem: she never ordered one.

Hesp says she thought it was it was a glitch and posted about the ride to theWeird TorontoFacebook group.

"Got a phantom text saying my Uber arrived I open the app and it's in Poland and for the next 10 minutes I can see this guy dropping someone off In Poland. What," Hesp wrote.

Before long, Hespwas getting replies saying her account had likely been hacked.

'I kind of felt a little bit violated'

Hesp says she didn't know that was possible.

However, when the ride ended, she says she got an email with abill for the equivalent of about $3.75for the ride.

Laura Hesp says she was at her Toronto home when she received an email from Uber informing her someone had taken a trip using her account about 7,000 kilometres away in Poland. (Laura Hesp)

Hesp says she contacted Uber and told them what happened.

She says Uber refunded the trip, and told her tosecure her account bychanging her password and deleting her credit card information.

"I kind of felt a little bit violated, like someone else was impersonating me in an Uber And you can't really track down who that person was," she said.

In an email to CBC News, Uber security spokesperson Melanie Ensign said this type of fraud is usually caused by password reuse or phishing scams that trick a user into giving away their password.

Hackers target passwords, says security expert

The company says it doesn't store credit card information but nevertheless recommends users create a unique password not used for any othersitefor their Uber accounts.

Toronto-based security engineer Geoffrey Vaughan agrees.

Toronto-based security engineer Geoffrey Vaughan says phishing scams can affect virtually any account a person has online and recommends people use a password manager to keep their login information secure. (CBC)

A phishing scam, he explains, usually begins with an email telling a person their account has been compromised. The email will contain instructions for resetting a password and directs a person to a website that looks on the surface to belong to a legitimate company. When the user goes through the steps, they inadvertently give away their password, giving the hacker the keys to their account.

"It's not much different than any of your banking phishing emails or the Nigerian prince from however many years ago," Vaughan said.

"That's probably the easiest way that most people would go after targeting other Uber accounts," he said, adding the same kind of scams can compromise virtually any online account.

Vaughan recommends people use a password manager programs that generate and store unique passwords for a user's many accounts in asecure database, which can be unlocked by a single master password to keep their login information secure. He says that eliminates the needto remember every password and cuts down on the possibility of being hacked.

'You should be treating all emails as hostile'

Vaughan says keeping yourself safe from phishing scams all comes down to how much you trust the emails you receive.

"You should be treating all emails as hostile unless you can prove otherwise. You should never be clicking on a link until you're absolutely sure," he said.

Hesp may have learned that lesson the hard way, and now says she's changing all of her passwords.

Despite her experience, she says she was impressed with Uber's customer service and will continue to use it.

Even so, she says she'd like to see Uber put in place a way of confirming that the rider getting into the car is indeed the one the ride was meant for.

"It's hard because a lot of us order Ubers for other people but we definitely need to figure out a different way to make sure that that's the person that ordered it," she said.

As for who might have ordered a ride on her account halfa world away, Hesp says that, because there aren't generally cameras in Ubercars, there's likely no way to trace the person's identity.

"I guess we're never going to find out."

With files from Natasha MacDonald-Dupuis