Usenix Enigma Gig economy workers – the fancy new way to describe short-term freelance serfs like Uber drivers and Deliveroo riders – are well in the sights of hackers.
That's because they're surprisingly easy to phish. There's no corporate network to protect them. They usually sign up to a task-scheduling app using their personal email account, which means any work-related messages come from the outside – and that means crooks can easily masquerade as app makers to extract their login information.
In a presentation at Usenix's Enigma 2018 conference in California on Tuesday, Kendra Albert, clinical fellow at Harvard Law School in the USA, described research with PhD student Elizabeth Anne Watkins that showed how the unusual nature of gig work leaves these contractors open to attack.
“There’s a serious problem with Uber and Lyft drivers being phished,” Albert explained. “Phishers send out official-looking phishing emails offering drivers a bonus and asking for their login credentials. Their wages are then sucked out of their accounts.”
One of the reasons this is so effective is that Uber and other gig employers regularly insist workers hand over personal information, sometimes with the threat to revoke their employment if the data is not forthcoming. Albert cited Uber’s real-time ID check as one such example.
The other problem is that gig workers aren’t viewed as the security team’s problem, and don’t get regular messages or feedback on security. That’s coupled with the somewhat adversarial nature of the employer/freelancer relationship, making gig workers easy prey for phishers, Albert opined.
The academic cited a 2016 Pew Research study that found around eight per cent of workers in America were earning money on the gig economy, and said the real figure was probably higher these days. Of those app serfs, 56 per cent relied on these contractor jobs to cover basic living expenses, as opposed to earning a bit of extra cash on the side.
The problem is only going to get worse, Albert warned, citing Lawrence Katz and Alan Krueger’s paper [paywalled here] titled “the rise of nature of alternative work arrangements in the US.” This found that almost all of the employment growth in the States from 2005 to 2015 appears to have come from alternative workers, including gig staff.
Unfortunately the situation for gig workers is unlikely to improve, Albert told The Register. Customers and the app makers don't suffer especially from these kinds of attacks, all the risk is on the freelancers, who have very little choice in the way they work.
“Gig workers rely on platforms and often don’t have the power to say no to employers,” the Harvard fellow said. “We should ask why these services are so cheap and what do we get for paying less. We can think about how we enable systems that are exploitative.” ®