Scammers target Monzo customers with dodgy text message and phishing website

Monzo users have been targeted with fake texts linking to a copycat website phishing for login details and selfie videos, giving criminals everything they would need to hack into accounts and commit identity fraud.

This impersonation scam was reported by a Which? Facebook group member earlier this week. The phishing website was quickly taken down but Monzo customers are being urged to stay vigilant and keep an eye on their accounts for suspicious activity. 

Outsmart the scammers

The fake Monzo text 

Although Monzo users manage their accounts via the bank's mobile app, the text (shown below) claimed that customers needed to upload a photo of their ID and a 'selfie' video via a link to continue using the app.

It directed them to click the link to web address [monzo-uk-help .com] which was registered on 1 June 2023 and live for six days before being taken down. The IP address is located in Russia, according to Domain Tools. 

Find out more: 

The copycat Monzo website

The link in the text directed recipients to visit a convincing clone website which used the Monzo logo and text copied from the bank's app.  

This phishing site initially asked potential victims to pass a 'security challenge' to prove they aren't a robot, before asking them to provide their email address, password, debit card Pin, and a short 'selfie' video to confirm their identity.

Banks and other companies work with third parties to remove phishing websites. In this instance, the fake was quickly flagged as suspicious by Google Safe Browsing before being taken down. 

A Monzo spokesperson said: 'We take robust action to protect our customers from falling victim to phishing scams such as these. In this particular case, we worked quickly to get this website removed as soon as we were made aware of it, and our internal security measures ensured that no harm came to any customers who entered their personal details. We urge all of our customers to remain vigilant to the threat of scammers.'

Find out more: 

Which? tips to stay safe from bank scams

If you receive a message claiming to be from your bank and you have any doubts, the safest move is to contact it using a trusted method (never reply to the text or email in question). Here are some other tips:

Do...

Check the wording of messages carefully. Does it address you impersonally or try to create a sense of panic? Both are common phishing tactics.

Pay attention to the URL of any website. Is there a spelling error or an unexpected domain?

Keep your browser and security software up to date, and run regular virus scans.

Mark unwanted emails as junk, as you can train these filters to recognise spam by marking offending emails as 'junk' rather than just deleting them.

Don't...

Click links or download attachments from emails and texts. Type web addresses into the address bar of your browser manually instead.

Reporting scam texts and websites

Scam texts can be reported to your network by forwarding them to 7726. You can also report scam calls received on your mobile phone. On an iPhone text the word ‘call’ followed by the phone number to 7726 and for Android, text the word ‘call’ to 7726 (you’ll then receive a message asking to reply with the number).

If you have given away sensitive data, contact your bank immediately and report it to Action Fraud.

Find out more: 

source https://www.which.co.uk/news/article/scammers-target-monzo-customers-with-dodgy-text-message-and-phishing-website-aqJPY5p1FMoj