Android updates

Scams on Blablacar: road trips that hurt the wallet!

Everything rolls for Blablacar

Well known to carpooling enthusiasts, the Blablacar application makes it possible to connect, on the one hand, people who want to share all or part of their journey, on the other, people who wish to reserve a place in the vehicle, against payment.

Created in 2004 by Frédéric Mazzella, the French unicorn has stalled since the start of the health crisis and has panicked the counters since the price of fuel has increased. A so-called “ecological” alternative to transport services like Uber, the carpooling platform passed the milestone of 20 million users in France last year. But, as often when an application grows, scams also flourish. Success comes with responsibility!

Canceled trip, re-book!

We’ve all had our trip canceled before, and it’s annoying. And in an emergency, few are those who keep the right reflexes. It is at this precise moment that the scammer works.

This is what our near-victim Internet user says: he books an emergency trip with “Tiphaine”, without dwelling too much on the profile of his interlocutor (first error). No photo, no description, no opinion, but low price! Let’s go.

While waiting for the confirmation message, he only receives a cancellation assuring him that he will be reimbursed. He tries to call Tiphaine to find out more, but he gets an answering machine. Pity.

Once again, he embarks on a new reservation, with another “ghost” profile, that of “Sophia”. This time she quickly accepts the ride, but the app warns right after that the trip has been canceled (probably by Sophia herself). There, our victim receives a message on WhatsApp, from Sophia. Nothing too surprising for the moment, since the mobile phone numbers can be found on Blablacar. But, when you go off the beaten track, you have to be on your guard…

“Unable to put the trip back on the site”

On WhatsApp, Sophia explains that she was in contact with Blablacar support, that the trip was canceled due to a server error, and that she cannot submit her travel proposal on the site because “technical problems”. There, she sends a new link to our victim, ensuring that it comes from Blablacar and that it will allow us to book the trip. But, why would this link work better than another if it is the website that has technical problems? Not asking the question is a second mistake. Clicking on the link, although it (almost) looks like a Blablacar link, is a third one.

An official link: https://m.blablacar.app/ride/88888888/

A fake link: https://m-blablacar.app/ride/88888888/

The difference is not obvious, but it is enough to send you to a completely different website.

It is at this point that we find ourselves on a website, which also resembles in all respects the official website of the carpooling platform. The netizen says: I fill in the requested information, and I proceed to payment. I am then redirected to a page where I am asked for my credit card code. For the moment, nothing (except the clues sown so far) indicates that it is a scam; the price displayed is the same as that of the initial journey.

In the next step, I am asked to enter the code I received by SMS to validate the payment, a security that has become quite common today. But this is where it gets crunchy: in my SMS my bank tells me that the code in question corresponds to… a payment of 900.89 BYN (Belarusian rubles) “, he continues to tell.

On the other side of the phone, Sophia unsurprisingly explains that he ” must validate the operation on the mobile bank ” clicking on ” Approve “. Without even knowing what a Belarusian ruble is, anyone would have cut the exchange short at that time. You just have to quickly check on the Internet to realize that it is 290 €.

Naive or very curious, our user asks if he can pay in cash. And, in a last burst of hope, the scammer asks to see the ” confirmation code »… She could, of course, enter it for you on the site, thus validating the operation for you.

Moral of the story

Scams are legion on apps and on the Internet, especially when it comes to payments. Do not click on a link sent by an unknown person, or else, check that it is identical to the comma to the official site. No detail should escape you.

Furthermore, the references to ” coded », « payment ” Where ” validation should put your senses on alert…

Since alerting the networks to his case, Blablacar has apologized and had the scammers’ accounts deleted. They are neither the first nor the last…

Also read: Security, anonymity… How to change your IP address?

Leave a Reply

Your email address will not be published. Required fields are marked *