A Langford, B.C., restaurant owner says he’s been missing sales deposits from Uber Eats orders since April, and he only learned why after taking his concerns to CTV News.
Wing Deng, the owner of May Gold Village, said he’s owed tens of thousands of dollars. For months, he’s been calling and emailing Uber to try to solve the problem.
“$30,000 is a lot of money,” he said. “I can’t find the right person to talk [to].”
The long-time business owner sent CTV News his email correspondence with Uber’s support team. It’s filled with red flags.
In the emails, Uber’s merchant support staff refer to Deng as “Daniel” at least twice. They say his email address is not associated with his Uber Eats account and advise he contact the administrator to be added as a user.
“I … am the sole owner of May Gold Village restaurant. The only email associated with my ownership is (my Hotmail address),” one of Deng’s emails says.
“If there is another email registered under my Uber Eats Restaurant Manager account that does not belong to me or the restaurant, please cancel it immediately.”
On Monday, CTV News asked Uber about Deng’s concerns. The company called him soon after and conducted an investigation.
“We believe the merchant was a victim of fraud, unfortunately,” Uber spokesperson Keerthana Rang said in an email.
Deng said someone gained unauthorized access to the May Gold Village account and tried to change the banking information.
“We regularly remind restaurants about protecting their accounts from phishing attempts to obtain personal information,” Rang said.
Uber would not share the details of the investigation, but said the matter has been resolved with Deng.
“That’s good news for me,” he said.
A digital literacy educator in Langford said he sees account takeovers often.
“That’s the most common and most effective way hacking happens nowadays,” said White Hatter CEO Brandon Laur.
“In the online world, your identity is linked to your account. And if someone … steals it (and) impersonates you using that account, things can go wrong very quickly, which looks to be kind of what happened here.”
Password managers and two-factor authentication can help protect people’s accounts, Laur said. He also advises people to change their passwords if they notice anything suspicious and to check their user activity to monitor foreign login attempts.
“It will list all devices that have been logged in, when they logged in, and if they’re currently logged in,” he said.
