Account accessed from another location while still logged in

Hi all,

Recently it appears my email was compromised and someone managed to get access to it. Somehow they were able to sign into my Monzo account and transfer themselves money from my account.

What I don’t understand is, if I was never signed out of the app, how is it possible someone was able to make a transfer? As far as I know, the only way to make transfers is via the app and it can only be logged in on a single place at a time, I have since tested this and it did appear to be the case.

So how was my account accessed and a transfer made if it wasn’t via the app? I was staring at my phone the entire time the transfer occurred so I know there isn’t some kind of remote access setup on my phone.

Any help would be appreciated so I can stop this happening again, my savings are already gone.

What security have you got on your Monzo account? Biometrics/Pin.

You need to input one of those to make a transfer.

I’m using pin currently, when I login to my account I have to enter my pin also.

Have you shared your PIN code with another person?

No certainly not. But even if I had, how is it possible that I wasn’t signed out of the app when someone else signed in?

You can be signed into the app on an iOS device and an Android device simultaneously. It’s only multiple logins on the same OS that don’t work.

OK that makes sense then. I still don’t understand how they got my pin but that is definitely an explanation for why I wasn’t logged out. Thanks

I agree it doesn’t make any sense. I presume you’ve reported it to Monzo and Action fraud.

I have indeed. My email account also had MFA enabled and I never received a request but I did find 3 read login attempts in my spam folder, so it was accessed for sure. I have tried to secure the account further but have changed to another supplier as this one can’t be trusted it seems.

You can’t transfer money without entering your PIN

If it turns out that your PIN was used (easy for Monzo to check) you’ll not get your money back. This is because its due to your negligence in not keeping it safe and secure.

The only explanation is that they somehow got the PIN, how exactly I’m still trying to workout. It wasn’t anywhere in my email.

I’m still waiting to hear from Monzo but my fingers are not crossed.

That’s good. They don’t need to be crossed. I’m certain that if you’ve been a victim of fraud they’ll bend over backwards to help - just search on here to read examples

However what you’re reporting is almost word for word what other people who are trying to tarnish Monzos reputation say. They all claim that someone has magically bypassed every possible bit of security and they never provide any real detail or come back to share how it went.

They sometimes do this because they accidentally sent money to the wrong account or they regret a purchase. Nether of which are refundable so they try and make up a story of fraud like this.

Either way, Monzo will get to the bottom of it and hopefully justice prevails Be sure to come back and update us

Yeah I get that, it definitely does seem very strange, I just cannot workout how it’s been done.

I received a call from the fraudster claiming to be Monzo, they were calling from a Monzo number (I know this can be faked) and knew my transaction history, this is why I initially believed it could have been genuine. They then started asking me to transfer additional money to the account to confirm another payment was legitimate, it was at that point I knew the call was non-genuine, the call then ended and almost immediately, all of my money left my account. They were clearly just trying to get me to add more so they could take that too. They even sent me a text saying to expect the call and it was sent from Monzo, I know this is also easy to be faked.

I will try and remember to update this, I understand the team should be back in contact with me pretty soon.

Also earlier in the day I’d had issues making payments online, so that was even more reason to expect the call.

Ahhh well that sounds more relatable and I’m sorry to hear it

I’m not sure why you can’t trust Monzo anymore and have moved accounts as a result but hopefully it helps you feel more secure again.

Monzo have a great blog post on phone scams and such. Be sure to check it out, as this can happen with any bank and I’d hate for you to be a victim again.

Sorry, it’s just my email account I’m changing, if that had been secure, I would never of had this issue.

There’s definitely details missing here.

Why would they call you to transfer more if they already had access to your account and could take money at will?

Please let me know what further details would be helpful!

And they wanted more adding because there wasn’t that much money in the account, they wanted me to add an amount that was more that what was already in the account.

The fact they had your PIN is what worries me. Getting access to emails is one thing, but unless you had it recorded somewhere, or they physically observed you entering it, or you divulged it somehow, it lives only within your memory.

If you use the same PIN elsewhere, I’d be changing it.

First step is to check here: https://haveibeenpwned.com/ drop in your Monzo email, if any of these services require your pin to log in or hold your pin in any way, it’s possible that’s how they got it.

Secondly how much correspondence have you had with Monzo over the past month or so via phone, email, post etc.? This seems like quite a targeted attack so it’s possible they’ve contacted you before pretending to be Monzo and perhaps pushed you to an imitation version of their site to capture your pin.