Spending digital money has become almost second nature to all of us. Carrying a lot of cash or insisting on cash trades is even frowned upon and raises suspicion. From buying retail goods and online services to paying for goods in brick-and-mortar shops, virtually every legal business now lets you pay or receive money digitally, and you probably should, and that's a good thing, right?
Well, there has been and always will be a darker side to every innovation and technology. Take Uber, the ride-hailing service. Gone are the days when you had to wait long periods of time and pay exorbitant amounts of money for a taxi, but the proliferation of ride sharing has also opened new avenues for crooks to make their ill-gotten gains seem legit.
The latest technique, as described by The Daily Beast, isn't conceptually much different from many previous online money laundering scams: users pay for a service that they don't actually use and launder money in the process. But it is technically more complex than similar scams because the service itself is on the move.
How money is laundered through Uber
This is how the process works: clients order rides through a money laundering marketplace that brings them together with complicit Uber drivers. After Uber has taken its cut of the money, the drivers send a pre-established cut to the money laundering marketplace, which takes its own cut and pays the clients back in clean money.
The scheme wouldn’t have worked without the cooperation of Uber drivers who are willing to be part of the scam. These ghost rider positions have become lucrative for Uber drivers who are keen to earn an extra buck without much extra effort.
But what makes scamming Uber technically more complex than, say, Airbnb is the fact that Uber constantly checks and records the drivers' position through their phones. To circumvent that and game the system, scamming drivers have to run the Uber account on an Android virtual machine that spoofs the system GPS. Virtual machines are essentially emulators that run the OS as a guest in a sandbox, which makes it easier to tweak and tamper with. There are also apps specifically designed to fake GPS positions. If the driver isn't in town, they also need a VPN with an IP address that belongs to the driver's advertised city, to deceive Uber into believing that the ghost rides are really taking place in that city.
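A defender-side sketch of the signals this paragraph implies, added here as an example and not code from Uber or the original article: it flags trips whose telemetry shows a mock-location provider, an emulator, an IP address far from the reported GPS fix, or an impossible speed between pings. The `Ping` fields, the thresholds and the sample trips are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class Ping:
    """One location report from a driver's phone (all field names are hypothetical)."""
    t: float             # seconds since the trip started
    lat: float           # GPS position reported by the device
    lon: float
    ip_lat: float        # position geolocated from the client IP address
    ip_lon: float
    mock_location: bool  # OS says the fix came from a mock-location provider
    emulator: bool       # client-side check says the app runs in an emulator

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def trip_flags(pings, max_kmh=200.0, max_ip_gps_km=150.0):
    """Return the set of reasons a trip deserves manual review (thresholds are assumed)."""
    flags = set()
    for p in pings:
        if p.mock_location:
            flags.add("mock_location")
        if p.emulator:
            flags.add("emulator")
        # GPS says one city, the network path says another.
        if haversine_km(p.lat, p.lon, p.ip_lat, p.ip_lon) > max_ip_gps_km:
            flags.add("ip_gps_mismatch")
    for prev, cur in zip(pings, pings[1:]):
        hours = (cur.t - prev.t) / 3600
        # Hand-set coordinates can jump farther than a car can drive in the interval.
        if hours > 0 and haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours > max_kmh:
            flags.add("impossible_speed")
    return flags

# Constructed sample data: a plausible city trip and a spoofed one.
HONEST = [Ping(0, 40.7128, -74.0060, 40.73, -73.99, False, False),
          Ping(60, 40.7180, -74.0010, 40.73, -73.99, False, False)]
SPOOFED = [Ping(0, 40.7128, -74.0060, 41.8781, -87.6298, True, True),
           Ping(60, 40.9000, -74.0060, 41.8781, -87.6298, True, True)]

if __name__ == "__main__":
    print(sorted(trip_flags(HONEST)))
    print(sorted(trip_flags(SPOOFED)))
```

No single flag is proof of fraud; each one is a reason to queue the trip for review alongside payment and account signals.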
Then there is the case of Airbnb. The process is somewhat similar to how the Uber scam works. Money launderers contact Airbnb sellers through online forums and dark web marketplaces and arrange to book lodgings they will never use. After Airbnb has taken its cut, the seller sends 50 percent of the money to the client. This scam can serve a myriad of money laundering use cases, including legitimizing illegally earned money or cashing out stolen credit cards.
The same concept works for online freelance marketplaces like Upwork, PeoplePerHour or Fiverr. Criminals pay and receive money for work never done, give the service providers their cut and inject the money into the financial system as legitimate earnings. The technical expertise required and the barrier to entry are relatively low. They only need VPNs to spoof their locations and fake identities that can be bought online for less than $20. There are also always actual players on every marketplace who are willing to get on board for an easy stream of extra money.
At first glance it may seem that the amount of money that can be laundered through these relatively small microtransactions is trivial. But given the sheer number of users on these services and the level of anonymity they provide, which makes each crook just a needle in the haystack, the small size of individual transactions is made up for by quantity.