Inside the rideshare fraud economy: 5 patterns costing platforms millions

Quick summary

In 2024, federal prosecutors in Brooklyn unsealed an indictment against two defendants who had sold jailbroken phones and GPS spoofing apps to more than 800 rideshare drivers. The drivers used the devices to fake their location, jump dispatch queues, and collect surge fees they hadn't earned. Customers lost roughly $40 million.

The case is unusual in its scale, but the fraud mechanics aren't. Driver fraud in rideshare is well documented, increasingly organized, and frequently invisible to the verification systems platforms rely on at onboarding. The verification stack catches the bad actor at the door. It rarely catches what they do once they're inside.
‍

1. Location spoofing

Location spoofing is when a driver manipulates their device's GPS signal to appear somewhere they're not. In rideshare, that usually means appearing inside a high-demand surge zone, near a busy airport queue, or in a service area where the driver isn't actually located.

The platform routes rides based on a location signal that isn't real, leading to the driver collecting a surge premium, accessing higher-value trips, or jumping the queue without physically being where the platform thinks they are.

The case mentioned above is the most public example of this pattern. Federal prosecutors alleged that two defendants sold hacked smartphones and illicit apps to more than 800 Uber drivers. One app allowed drivers to spoof their location so they appeared inside areas with surge pricing. Another allegedly let drivers see rider destinations and fares before accepting rides, which allowed them to cherry-pick higher-value trips. Prosecutors said the scheme generated $40 million in bogus surge fares, while the operators made more than $1.5 million from selling hacked phones and apps.

The cost isn't only the surge payouts. It's the corruption of the dispatch system. Fake supply in a surge zone delays real drivers from being routed there. Real demand goes unmet. Honest drivers see fewer high-value rides. Riders pay prices that reflect a marketplace the platform thinks exists, but doesn't.

That's why location spoofing is so damaging in rideshare. It attacks one of the platform's core operating systems: matching real riders with real drivers in real places.

How to catch location spoofing

Platforms catching location spoofing effectively are checking the device and movement pattern before the driver enters the dispatch queue. That includes signals like:

• Jailbroken, rooted, emulated, or compromised device environments
• GPS signals that don't match IP, network, or ambient location context
• Impossible travel between dispatch, pickup, airport queue, or surge events
• Driver movement that doesn't match real driving behavior

The goal is to catch the spoof before it affects dispatch, not after the surge payout has already moved.
‍

2. Driver bonus and referral fraud

Most rideshare platforms run aggressive driver acquisition programs. Signup bonuses, completion bonuses, referral incentives, weekly campaign payouts. They're standard tools for building driver supply in competitive markets, and they're a documented target for organized fraud rings.

The pattern is straightforward. A ring creates driver accounts using stolen identities, synthetic identities, or falsified documents. It uses bots, GPS spoofing, or coordinated drivers to trigger the qualifying actions for a bonus. Then it collects the payout, rents the account, or reuses the account for another fraud pattern.

Wired's profile of Priscila Barbosa's rideshare and delivery account operation shows how this works at scale. Prosecutors said Barbosa's network pushed out about 2,000 accounts using stolen identities and falsified documents, and Barbosa profited more than $780,000. Uber also estimated that it spent about $250,000 investigating the ring and around $93,000 onboarding fraudulent drivers.

That's the business impact most teams undercount. Bonus fraud isn't just the incentive payout. It's the onboarding cost, support cost, investigation cost, fraud review cost, and corrupted acquisition data. The platform thinks it's acquiring real driver supply. Instead, it's paying fraudsters to create disposable accounts that may later be used for surge gaming, account renting, closed-loop fraud, or delivery fraud.

The damage also compounds because driver accounts have ongoing value. A fraudulent account can generate income through bonuses, platform access, account rental, fake trips, and payout abuse. That makes it more durable than a stolen card or one-time payment credential.

How to catch bonus and referral fraud

Platforms catching bonus and referral fraud effectively are looking for shared infrastructure before the first incentive pays out. That includes signals like:

• Multiple driver accounts opened from the same device, emulator, or IP range
• Referral chains with repeated device, location, or payout overlap
• Bonus-eligible trips completed in unusually similar patterns
• Campaign-window spikes tied to the same location cluster or device network

The goal is to flag device and account relationships at onboarding, not audit bonus payouts after the campaign is already over.
‍

3. Account renting and multi-accounting

Account renting in rideshare happens when a verified driver rents or shares their account with someone who can't qualify on their own. The verified driver may have passed background checks, licensing requirements, and vehicle requirements. The person actually driving may not have.

From the platform's perspective, the account can look normal. The app sees one verified driver account accepting rides, completing trips, and receiving payouts. What it can't see without stronger device and location intelligence is that the person behind the wheel has changed.

This is a documented rideshare problem. In London, regulators found that 14,000 Uber rides in late 2018 and early 2019 were completed by unverified drivers using rented accounts. Account renting was somewhat of an “open secret” discussed in driver social media groups and messaging apps.

The liability exposure is different from a bonus scam or fake trip. This is a safety and compliance problem. If the wrong person is driving, the platform may be carrying risk for someone it never approved.

That risk becomes especially clear when background-check requirements don't match active work. In New South Wales, authorities alleged that Uber allowed 57 Uber Eats drivers to transport passengers without clearing the background checks required for rideshare services. 

The regulator brought 57 charges, with maximum penalties totaling about $1.5 million.

Account renting creates the same core exposure: the platform verified one person, but someone else may be doing the work. If there's an accident, assault, rider complaint, insurance dispute, or regulatory review, the platform has to answer for a driver it may never have approved.

How to catch account renting

Platforms catching account renting effectively are checking whether the active driver session matches the verified driver's normal device and location behavior. That includes signals like:

• A verified account suddenly appearing on a new device before a shift
• Login or driving patterns that don't match the driver's location history
• The same account appearing in two places that don't make sense
• Active driving sessions that move differently from the driver's normal pattern

The goal is to keep the link between the verified driver and the active driver intact, not just verify the account once at onboarding.
‍

4. Fake ride and closed-loop fraud

Closed-loop fraud is a rideshare-specific mechanic. One operator creates both a fake driver account and one or more fake rider accounts, often using stolen cards or synthetic identities on the rider side.

The operator then uses GPS spoofing to simulate rides between accounts they control. The fake rider requests the trip. The fake driver accepts it. The trip appears to move through the app. The ride gets marked complete. The platform pays out the driver side, and if the rider account used a stolen card, the platform may later inherit the chargeback.

No real passenger moves. No real ride happens. But the platform can still see a completed trip, a driver payout, a rider charge, and potentially a bonus-eligible action.

This pattern can be very damaging because it touches multiple levers at once. The platform can pay out for a fake trip, absorb a rider-side chargeback, pay a bonus that was never earned, and then feed phantom trip volume into dispatch, supply, demand, and incentive models.

Rideshare marketplace research also shows why phantom activity matters. Lyft's driver positioning incentive system generated millions of bonuses weekly and produced a 0.5% increase in incremental bookings, worth tens of millions of dollars per year. That's a legitimate example, but it proves the sensitivity of the system. If driver positioning and trip activity are fake, the platform can end up optimizing around data that doesn't reflect the real world.

How to catch closed-loop fraud

Platforms catching closed-loop fraud effectively are looking at the relationship between rider and driver accounts, not just each trip in isolation. That includes signals like:

• Rider and driver accounts tied to shared devices, locations, or network patterns
• Trips with GPS movement that doesn't match real ride behavior
• Identical timing patterns across supposedly independent accounts
• Repeated ride loops involving the same account clusters
  

The goal is to detect the network behind the trips, not review completed rides one at a time after payouts and chargebacks have already hit.
‍

5. Account takeover

Account takeover is less of a systemic problem on rideshare platforms than it was a few years ago. MFA, device fingerprinting, and step-up authentication have made it harder to execute at scale. Most platforms have layered in protection at the moments that matter.

But driver accounts have a feature that makes them higher-value ATO targets than most consumer accounts: direct payouts.

The typical pattern looks like this. A driver gets phished by a message that looks like driver support. The attacker logs in from a new device and location, changes the bank account or debit card on file, and reroutes the next pay cycle or instant cashout to an account they control. The driver doesn't notice until their payout doesn't arrive. By then, the platform is often the entity left investigating, reimbursing, and rebuilding trust.

The broader account takeover loss environment is large. FBI-linked reporting says account takeover scams caused more than $262 million in losses in 2025 so far, across more than 5,100 complaints. The FBI described criminals gaining unauthorized access to accounts, resetting passwords, taking control, and transferring funds to accounts they control.

How to catch account takeover

Platforms catching ATO effectively are checking device and location at login and before sensitive account changes. That includes signals like:

• A verified driver account suddenly logging in from a new device or location
• Impossible travel between recent driver sessions
• Bank account, debit card, email, or phone changes after a risky login
• Payout changes followed by withdrawal or instant-cashout activity
  

The goal is to apply friction when the risk is real, not across every driver session. Good drivers should be able to keep moving. Risky sessions should get stopped before an attacker can change where the money goes.
‍

Using location signals to detect rideshare driver fraud

The five fraud patterns in this piece look different on the surface. Surge gaming, bonus rings, account renting, closed-loop schemes, and account takeover are distinct mechanics with distinct financial consequences. But they all share the same detection gap: they exploit the difference between what a platform can verify at driver onboarding and what's actually happening once the driver is active.

A driver who passes a background check can still spoof their location. An account that passed verification can still be rented to someone who couldn't pass it. A ride that completes successfully can still be entirely fake. The verification stack catches the bad actor at the door. Catching what they do after that requires a different layer of signal. That layer is location and device intelligence.

For rideshare platforms, three capabilities are directly relevant:

• Location spoofing detection: Flags fake GPS, VPN use, location tampering, and suspicious movement patterns before they affect dispatch, surge, airport queues, or trip completion.
• Device and account linkage: Helps identify shared devices, emulators, repeated infrastructure, and suspicious relationships across driver and rider accounts that look clean in isolation.
• Custom fraud rules: Lets teams build detection logic specific to their rideshare flow, including surge gaming, bonus fraud, account renting, closed-loop rides, and risky payout changes.

The difference is timing. Traditional fraud stacks often find the issue after the payout moves, the bonus fires, the ride completes, or the driver complains. Rideshare fraud prevention works best when platforms can verify device and location truth before the driver enters the queue, accepts the ride, completes the trip, or changes payout details.

Stopping fraud in real time

Driver fraud in rideshare isn't one problem, and it won't be solved by one rule. Location spoofing, bonus fraud, account renting, closed-loop rides, and account takeover all attack different parts of the marketplace.

But the common thread is clear: the fraud becomes visible when platforms connect device, location, account, and behavior signals during active work, not just at onboarding. 

To stop this fraud, high growth startups and the Fortune 500 are turning to platforms like Radar. The location infrastructure is built for the layer where fraud lives, and complements existing fraud stacks .