Crazy Chloe

[genou]

I own a UK domain, let's say mumble.co.uk.

I get emails addressed to chloe@mumble.co.uk. These emails are from Uber. Chloe is in Ontario, Canada. I do know her street address, as she uses Uber Eats. How did she manage to get this email address, which she cannot access, attached to her Uber account ? Or, more pertinently, how can I detach it from her Uber account, without access to her phone ?

I could just send it all to dev/null, but I like to be tidy. She shouldn't be using the address, so I'd like to stop her using it.

[mc2fool]

How did she manage to get this email address, which she cannot access, attached to her Uber account ?

Well that's a good question, as it's been pretty much standard for many years to send an email with a link to follow to confirm an address for signing up to more or less anything. Uber not so?

I could just send it all to dev/null, but I like to be tidy. She shouldn't be using the address, so I'd like to stop her using it.

I suppose you could try contacting Uber and complaining but ... do you have cPanel? If so (and probably with other control panels) then rather than forwarding the address to dev/null forward the address to "Discard and send an error to the sender". Then possibly Uber's systems will remove it after a few failed deliveries. Maybe.

[pochisoldi]

I had someone set up a Facebook account using one of my email addresses.
I simply did a password reset, logged into the FB account, deleted the handful of posts, unfriended all friends then disabled the account.

My attitude was that the account was in "my name" and therefore mine to deal with as I saw fit.
If someone is stupid enough to use someone else's email address for an account, they shouldn't be surprised when they permanently lose access to it.

[servodude]

I had someone set up a Facebook account using one of my email addresses.
I simply did a password reset, logged into the FB account, deleted the handful of posts, unfriended all friends then disabled the account.

My attitude was that the account was in "my name" and therefore mine to deal with as I saw fit.
If someone is stupid enough to use someone else's email address for an account, they shouldn't be surprised when they permanently lose access to it.

I was going to suggest similar - but it seems impossible with Uber accounts being primarily bound to phone number

[swill453]

Have you tried searching for her on social media? If you found her you could send her a message.

Scott.

[Midsmartin]

if chloe@ is an address you don't use yourself, then you could just reject all email to unknown addresses, which is what most organisations end up doing. If you actually use chloe@ then I'm not sure what else you can do other than a bit of detective work looking for similar domain names - probably our Chloe just got one letter wrong in her email address.

[didds]

if chloe@ is an address you don't use yourself, then you could just reject all email to unknown addresses, which is what most organisations end up doing. If you actually use chloe@ then I'm not sure what else you can do other than a bit of detective work looking for similar domain names - probably our Chloe just got one letter wrong in her email address.

or Uber have somehow done the same.

it does seem somewhat odd as 9above mentioned already) usually a sign up requires one to respond to a confirmation email sent to the email address used. U*nless uber dont bother with such basic "checks" - anyone recebntly signed up that can confoirm/dfeny?

WRT what to do... patrh of least resistance is to ditch all and any emails sent to thyat address, oreferably with a rejection.

Hmmm. Thought - is the email allegedly from Uber pukka? (usual header checks etc). Maybe (just maybe) its a phishing attempt to see if anyone responds to the adress thus indicating a spammable accoun t?

good luck with the detective work - let us know how you get on

cheers

didds

[pochisoldi]

Another approach is "data protection". If Uber are sending emails regarding trips taken, monies payable etc, then write to Uber UK's data protection officer notifying them of a "breach".

If they then do nothing, then take it to the ICO.

From my experience, reports to a company's data protection officer seem to have the ability to fix problems that "customer service" can't.

[Infrasonic]

if chloe@ is an address you don't use yourself, then you could just reject all email to unknown addresses, which is what most organisations end up doing. If you actually use chloe@ then I'm not sure what else you can do other than a bit of detective work looking for similar domain names - probably our Chloe just got one letter wrong in her email address.

or Uber have somehow done the same.

I've had this happen with a couple of domains over the years. Somebody has a genuine address at a domain very similar to mine and then I start getting emails intended for them because the sender had put the address into their database incorrectly or something has mangled it afterwards.
Or they have the address correct but are using a commercial third party bulk emailer who don't.

I just mark as Spam at let the 30 day deletion do its job.

Years ago I had a Vodafone business email account that started receiving very sensitive company financial information from a completely unrelated Vodafone account - in that case I contacted the company concerned to let them know. It stopped within 24 hours.

I had a debt recovery company that kept texting me about an outstanding Littlewoods catalogue balance. In that case I think it was a deliberate fraudulent ploy by the real account holder. I just texted back after a few messages and told the DR they had the wrong number and to stop harassing me otherwise I'd escalate it to the ombudsman. Texts stopped.

[Infrasonic]

If you contact Uber maybe mention the Canadian Privacy Commissioner in the correspondence to persuade Uber to actually deal with it...https://en.wikipedia.org/wiki/Privacy_C ... _of_Canada

[Midsmartin]

I once had someone start sending me minutes of private committee meetings of an organisation due to a typo in a domain name. I replied immediately that they had the wrong address, but it took weeks before I stopped getting emails with budget details as other members of the organisations kept doing "reply all" to old emails

[UncleEbenezer]

I think this kind of thing is not unusual. Usually it's rubbish.

Once upon a time I noticed genuine-looking mail subjects for a nonexistent user. I figured out, this was for a genuine person, whos domain was a .net of the same name as my .com. I emailed him, he apologised for his careless correspondents, I set up that username to forward to him. No skin off my nose!

No, I'm not suggesting you do that for "Chloe". If it's a genuine mistake then it's hers to deal with, and I expect she's already abandoned the botched account and moved on.

[quelquod]

“I think this kind of thing is not unusual. Usually it's rubbish.”

I agree. I’ve had email to someone called Seren at my personal domain for well over a year trying to arrange dental appointments and conveying personal data of different sorts. I tried replying numerous times pointing out that the address was wrong and had replies from various different people promising to sort it out but they never did and eventually I just blacklisted the dental domain and blackholed the offending address and stopped bothering. I hope Seren’s teeth are still fine.

[genou]

Thanks for all the responses. The domain is used for a little email, and otherwise parked at IONOS. I'd prefer to keep catchall forwarding active, as if I switch it off, I'll have to review all the single purpose addresses on the domain, for which I do not guarantee I can remember them all without research.

Apparently IONOS have a proprietary alternative to cpanel. I may just give in, be unBritish, and ask IONOS how to get rid of Chloe.

On the key question of how Uber accepted this address, I have no clue. I am confident that no-one with access to the domain has confirmed the address to Uber, because I see all email to the domain and no such confirmation has ever been asked.

[Infrasonic]

On the key question of how Uber accepted this address, I have no clue. I am confident that no-one with access to the domain has confirmed the address to Uber, because I see all email to the domain and no such confirmation has ever been asked.

If they use the Uber / Uber Eats apps on their phone then the registered email address is probably moot operationally - maybe there never was an email confirmation request as they have the real mobile number associated with an active account and real ID? Plus any online payment ID.