Fake Uber, Lyft, or rideshare driver account deactivated or earnings withheld phishing — fraudulent email impersonating Uber, Lyft, Uber Eats, or another gig economy platform claiming the recipient's driver account has been deactivated, suspended, or flagged, or that their earnings have been withheld or placed on hold — directing them to click a link to verify their identity, appeal the deactivation, provide driver's license and vehicle registration, or confirm bank account details to release their earnings — a credential-harvesting and financial data theft attack targeting gig workers whose income depends on continuous platform access

Phishing emails impersonating Uber, Lyft, Uber Eats, DoorDash, or other gig economy platforms — claiming the recipient's driver or delivery account has been deactivated, suspended, or flagged, or that their earnings have been withheld pending a review — then directing them to verify identity, provide driver's license and vehicle documentation, or confirm bank account details to restore access or release held earnings. Gig worker account phishing is a growing category targeting the 57M+ Americans (FTC 2023 estimate) who participate in the gig economy. Key facts: (1) Rideshare and delivery driver accounts represent direct income for millions of workers — for full-time Uber and Lyft drivers earning $800–$1,500/week, account deactivation means immediate income loss; the threat creates extreme urgency that drives high click rates; (2) Uber driver deactivations do occur — Uber and Lyft regularly deactivate drivers for low ratings, safety incidents, policy violations, or failed background checks; fake deactivation notices exploit this legitimate mechanism and the driver's inability to easily appeal the real process; (3) "Earnings withheld" phishing exploits a real payment process: both Uber and Lyft implement earnings holds for accounts under review, new drivers, or dispute investigations; fake "held earnings" notifications are contextually plausible to drivers who know this mechanism; (4) Driver document requests (license, vehicle registration, insurance) are contextually plausible because gig platforms do genuinely request updated documentation periodically; harvested driver documents enable full identity fraud with government-issued ID photographs; (5) Legitimate Uber and Lyft account management, appeals, and payment issues are handled entirely within the official apps and authenticated partner portals — never through external email links. Warning signs: non-official rideshare domain (not uber.com or lyft.com), account deactivation urgency with external link, driver's license/vehicle documents or bank routing requested via email.