Beware Monzo phishing scams via SMS • Graham Cluley


Beware Monzo phishing scams via SMS

Last evening, I was lounging on the couch…


An SMS text message arrived on my phone. It claimed to come from Monzo. I do have a checking account with Monzo, so that didn’t look suspicious. And the message was grouped with all the other text messages I receive from Monzo.

To avoid issues and stay verified with Monzo, please verify your account on the link below.

Would you have trusted it?

I hope you wouldn’t. But I bet a lot of people would. Especially if – like me – you were a Monzo customer. And especially since it was presented alongside other messages from Monzo.

Fortunately I had my security spider senses turned up to 11, and so I knew better than to click on the link and enter my banking details.

But I did bravely go a little down the rabbit hole to show you what you’d have seen if you had clicked…

First thing I saw is that the website the text message is linking you to asks you for your email address. Monzo is very much a digital bank, which you only access via an app. As far as I know there’s *no* website where you can log in to your account.

If you looked up this particular website’s WHOIS entry you’d also find that it was only registered yesterday. Hmm… that’s a bit suspicious isn’t it?

Of course I didn’t enter my real email address. Why would I want the scammers to know my email address? They already seem to know my mobile phone number. So I entered a random email address instead.


And then I was presented with another screen, asking me to enter the PIN of my Monzo bank card. Ho ho ho, as if I was going to enter that.

At this point I sent Monzo a tweet, telling them about the scam.

I also reported the URL to Google. In my experience if you do that Google can fairly quickly protect billions of internet users, by displaying a warning dialog in their browser if they attempt to visit the same URL.

A quick trawl through Twitter uncovered that I wasn’t the only person to receive this particular phishing message, and there are plenty of other examples of Monzo banking customers receiving text messages asking them to visit other dodgy URLs that pretend to belong to Monzo.

Which leaves an obvious question. How did the scammers know to send me and other Monzo customers a text? I don’t receive SMS phishing texts pretending to be from companies with which I don’t bank. Is someone leaking the mobile phone numbers of banking customers, to help phishers make their scams look more realistic?


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.