No one can be in multiple places at the same time, but, apparently, Uber and Chase thought that magical feat was possible, and that Brooklyn resident Gwen Virgile and her husband, Jeff, had pulled it off.
It started last fall when Gwen got a call from Jeff.
“He’s like 'Gwen, do you see our bank account?'"
So, she went to her phone and checked.
“I’m scrolling through, I see minus one hundred, minus one hundred, minus one hundred, and I’m saying to myself 'what the hell is going on here?' It’s Uber!”
There were dozens of Uber trips charged to them. And all of them supposedly took place the day before-- within three hours of each other—from three different states!
“They’re in California, Georgia and Florida. I’m here in Brooklyn!”
The receipts she saw reeked of fraud. Small charges in small towns and then huge tips. One was under a mile in Helena, Georgia. Then two minutes later, a trip in Naples, Florida. A few dollars each, but with tips of around $100!
The charges totaled about $2,500.
They were billed to the couple’s American Express and Chase cards. So, Gwen asked for a refund. American Express complied right away. So did Chase, until Uber claimed the trips were legitimate and Chase paid Uber $1,300.
Gwen had no luck getting Chase and Uber to see the error of their ways, so she contacted us. We got the companies to take another look.
“We should have flagged it as fraud," Chase said.
An Uber spokesperson told us, “Gwendolyn’s request was not routed properly to our fraud experts…it does appear someone else accessed Gwendolyn’s account…We’ve now issued…refunds. “
But Uber couldn’t tell us why this wasn’t handled as fraud from the beginning. And neither company would say if they ever actually investigated in the first place.
There are some things you can do to protect your accounts:
- Use different unique passwords for each account (A pain, we know, but a big security boost.)
- Use two-step verification so that you must log in online and then (usually) respond with a code that the company texts to you.
- You can also see if your accounts and passwords have been compromised by going to the web site, haveibeenpwned.com That is the way the web site is spelled, but it’s actually pronounced “Have I been owned?”, a hacker’s term for compromised.
If you’ve got a story for me—send an email to firstname.lastname@example.org or contact me on Facebook or Twitter.