Fergal Parkinson
Published on: August 1, 2024
Priscila Barbosa arrived at JFK, New York on a tourist visa from Brazil, on 24 April 2018, aged 32, with just 117 dollars to her name – and immediately spent much of that on a bus ticket to Boston.
Three years later she had made hundreds of thousands of dollars as the architect of an elaborate identity scam that would eventually see her dubbed ‘The Queen of the Rideshare Mafia’.
Barbosa achieved this astonishing rise after discovering how to create fake driver accounts which allowed fellow immigrants with no Green Card – so no legal right to work – immediate access to what’s called the gig economy.
Her scam meant she was able to get such people working accounts as drivers for taxi apps like Lyft and Uber so they could bypass immigration work restrictions and make a wage.
Once she’d managed to scam the employing company’s onboarding security checks she’d then ‘rent’ the account she’d created to a migrant – usually a fellow Brazilian, like her on a tourist visa. They’d pay her a weekly cut from their wages for the access she provided to that platform and the paid work that came with it.
When the pandemic killed the taxi trade-off almost overnight there was conversely a boom in demand for takeout food – and resourceful Barbosa was able to pivot her business model to create the same scenario for apps offering home-delivered food and needing a steady flow of drivers.
Now the companies she was hoodwinking would include Instacart, DoorDash, Uber Eats and Grubhub.
The scam also allowed her to pocket hundreds of sign-up bonuses.
So how did Barbosa manage to deceive all these platforms and create her empire? If you’re interested in more detail than my precis here affords then Wired published a very good long read on the whole story the other day that will tell you a whole lot more.
But for my purposes, a summary of her fake ID crime spree will suffice – because I’m more interested in the lessons we can draw from her story than her colourful career itself.
Barbosa had minimal resources, at least initially, but she was very gifted at tech, particularly at working out ways to bypass system security. She was also a natural networker, able to form relationships quickly and sustain hundreds at a time. These two skills took her a long way in a very short time.
Her trade began with her trying to work out how to become a driver herself. She used someone else’s licence – and it worked. So she started helping others to do the same.
Initially, she begged friends for misappropriated IDs. The first she got her hands on came from a doorstep scam: legitimate consumers receiving parcels would be asked to produce ID in order to have their parcel handed over. The driver would distract the customer and quickly take a close-up of their driving licence and that image would end up making its way to Barbosa who could clone it.
When this source couldn’t deliver licences in sufficient quantities she went onto the dark web – where very private material like this is traded freely – and began purchasing misappropriated licence images in greater numbers.
Then, once she had uploaded a licence, the rest was easy. Because there was little if any attempt to cross-check the details on the stolen licence against the rest of the account holder’s added information.
The apps often quickly realised they were being spoofed and would shut down the new accounts quite quickly – but Barbosa would simply open new ones in response.
So how could such massive brands with such enormous turnovers be scammed by a chancer who started out equipped with just an iPhone and $50?
The main problem stemmed from that initial reliance on uploading a driving licence as the backbone of their verification processes. I suppose it seemed natural – logical even – for companies wanting drivers to reach for this method when setting up. They wouldn’t want unqualified drivers working under their brand name so this must have seemed the best way to ensure that they weren’t. But, counterintuitively, it wasn’t then and it isn’t now.
As this story amply demonstrates, fake ID is easy to get hold of and is out there in vast quantities. So a document upload is a poor starting point for verification.
In fact, the best place to start is with the phone number of the applicant. The vast majority of bone fide people will have had the same number for some years. By checking both a number’s current status and history we can see at a stroke whether it shows any warning signs of being associated with fraud: is its behaviour consistent, is it physically where you would expect it to be, is it newly registered, and so on.
Once you have established the credibility of the new user’s number, then document upload as an optional secondary screening tier is fine – but they should never be the starting point.
As if to prove my point, it was the fact that so much of her scam work was carried out from or linked to a single mobile phone which would eventually allow Barbosa to be identified and apprehended by the FBI after a lengthy and costly investigation which led to 17 criminal cases.
She protested at trial that she had believed her faking had been a victimless crime.
In fact, the thousands of people whose identities had been abused no doubt suffered many indignities, inconveniences and probably financial losses. She was jailed for three years.
But if that phone number the FBI sourced had been checked when she made her first application six years ago, none of this would have happened.
Last updated on August 7, 2024
Our data verifies the mobile number and device in use are genuine, allowing our customers to make reliable and informed decisions about potential users.
Check out Verify"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
