BlaBlaCar: scammers are currently rampant, security reinforced


The BlaBlaCar carpooling platform has been popular with cybercriminals in recent months. Using fake profiles and a realistic phishing scheme, hackers try to trick the app's users.

A well-crafted scam. For several months, hackers have been trying to scam customers of the carpooling application BlaBlaCar. Our colleague Valentin Hamon-Beugin, journalist at The new factory, was the target of one of these scams. He shared his misadventure in a series of tweets. Since then, testimonials have been pouring in on the social network.

A realistic phishing scheme

Valentin Hamon-Beugin decides to book a BlaBlaCar with Sophia, whose profile suggests a very real young woman. “Sophia has never been rated […] but it displays a photo that looks legit”, he recalls. He then books the trip and receives a confirmation. However, thirty minutes later, the ride is cancelled. Having obtained his number through the platform, the driver contacts him on WhatsApp. The so-called Sophia cites a “server” error to justify the cancellation of the reservation and assures him that the trip will still take place.

She then asks Valentin to pay for the order in advance, claiming an error on the site as well as a recommendation from BlaBlaCar’s customer service. To pay for the trip, the driver sends a link to Valentin.

A site similar to that of BlaBlaCar appears on the journalist’s screen. He continues and enters his bank card details. With two-factor authentication activated on his bank account, Valentin is supposed to receive a code by SMS to verify his purchase. “This is where it gets crunchy: in my text messages, my bank tells me that the code in question corresponds to a payment of 900.89 BYN (Russian rubles)”, he explains. Valentin understood at that moment that he had been the victim of phishing.

BlaBlaCar strengthens its security

The trick used by the hackers consists of visually replicating an official site. Internet users directed to this fake site are deceived and hand the hackers not only their information but also, in this case, their money. After this scam attempt, the journalist realizes that there are several dozen fake profiles on the platform. On Twitter, many BlaBlaCar customers report similar incidents, always in connection with fake profiles.

Contacted by our colleagues from Huffington Post, the company speaks of cases “which remain rare”. The platform claims to be able “to block quickly” fake profiles “as soon as suspicious behavior is detected or a member reports it to us”. BlaBlaCar calls on its users to be vigilant and advises them to check “the profile of the carpooler or carpooler with whom you plan to travel”. The world leader in carpooling also announces that it has strengthened its security, in particular by improving the identification of fraudulent accounts.




