Monzo is one of the UK's most popular online-only banking platforms with over 4 million customers.
Cyber criminals are now targeting Monzo customers with new phishing messages supported by a massive network of malicious websites, and the aim is to steal your Monzo account.
Monzo have taken to Twitter to warn of the latest scam.
The Phishing Process
The process starts with the user receiving an SMS message, appearing to come from Monzo.
The message might look something like the above, but other messages such as those around a debit card being dispatched or a new device logging in to your account have also been seen.
If you click on the link (which you shouldn't!) it takes you to a page that displays a fake email login page and will ask you to enter some information such as your full name, phone number and Monzo pin number.
Once you've entered the details, they have everything they need to take over your account. To add, if you have entered any of these details online, contact your bank immediately, and report it to Action Fraud.
As they now have access to your email account via the fake login page earlier, they can intercept any verification emails sent to you. All they have to do is install the Monzo app, click the link and they now have full access to your online banking account.
The phishing pages you encounter might look something like this:
DON'T CLICK ON ANY LINKS
Monzo do not send notifications via SMS. They use the built in notifications system on the Monzo app or website and they would never urge you to follow links from outside of their platform.
How can you prevent this from happening?
Have 2FA enabled on your email and Monzo account
If you receive any messages from your bank, find their contact number via their website (don't click any links and go via a search engine) and contact them directly. Some banks also provide a contact number on your payment card.
Never click on links in an email or SMS
Your bank will never ask for your pin number, don't give it to anyone!
Comments