Concerning scam

Just wondering if anyone has ever or recently experienced anything similar to this?

So I missed a few calls the last few days from an 0800 number that differs only by two digits from the official Monzo one. On their third try today I thought what the heck it’s most definitely a cold call, but I’ll answer it. The guy said ‘hello am I speaking to (my name)?’ and I replied yes ‘who’s calling?’ He said he was calling from Monzo as they have flagged my account based on a declined transaction earlier today. That instantly sent more alarm bells ringing in my head, because every transaction had gone through. He said ‘I’ll send a OTP to your number ending (my actual number) if you can share that. I was utterly convinced this was a scam and told him ‘if anything is amiss I’ll get in contact with Monzo myself’. He said ‘I completely understand that and I want you to feel confident that you’re talking to the right people’. I hung up.

I messaged Monzo in the app and they told me ‘the phone call wasn’t from us. It was a phishing call pretending to be from Monzo’. As I thought. Though the Monzo chat agent then said ‘I do see that a text was sent today but I cannot see a phone call history.’ This flummoxed me. I replied saying ‘just to confirm Monzo sent me a text today, but didn’t call me today?’ The agent replied ‘I can only see a text on my side, please contact 0800 802 1281 to see if they can track the call as well.’ So I called this number but the automated system kicked me off and told me to use the app chat instead for my issue. I went back to Monzo chat and told them I was told to speak to Monzo over the phone and they’ve now scheduled a callback. Side note: this is a weird loopback situation that shouldn’t happen in customer service.

I’m still utterly confused about how Monzo could see a text had been sent to me from a number calling itself Monzo, but not see the phone call that initiated that text message and then they confirm it was a scam call. I have had one text from any Monzo sender (real or otherwise) today and none in the last few weeks. The caller Monzo say is a scammer initiated a text - it came through to my phone as he was talking. Real Monzo have a record on their end of that text message, but no record of the phone number. What is happening??

As per the other thread, the scammer tried to make a transaction posing as you. Monzo sent a genuine text to verify it was indeed you making the transaction and had you given them the code the scammers would have got away with it.

Just receiving the code means nothing.

@AlanDoe merge please.

4 Likes

Per the other thread, this is very common and pretty much how most of these scams work these days.

  • Scammer has your card number
  • Scammer tries to make a transaction
  • This will trigger a legitimate code from Monzo
  • Scammer spoofs Monzo’s number pretending to be them
  • Scammer convinces you they’re Monzo and they need the code from you
  • You give them the code
  • Transaction goes through and you’ve been scammed

So the SMS is legitimately from Monzo but it was an attempt at a fraudulent transaction by someone other than yourself that triggered it.

The whole reason they do it is that SMS code is real and they need it, and they’re pretending to be the bank to fool you into giving it to them because you trust the bank.

The system does its job as long as you don’t share the codes with anyone.

3 Likes

I see you posted this while I was replying to your other post. I’ll keep it short and sweet here:

  • Monzo can’t see the phone call because that was the scammer. They weren’t calling you.

  • They can see the text because the scammer has compromised your details enough that they were able to trigger it.

The scammer was trying to get you to reveal the OTP so they could complete their attack on you.

1 Like

Sorry I was busy writing this, when you kindly replied to my other comment.

Thanks. I get this, but usually if a transaction needs authorising, doesn’t it show up as such in the Monzo app?

Some transactions use an SMS to authorise instead and I think you sometimes get a choice of whether to use the app or SMS. (On the authentication screen there is sometimes a message you can press to get a text. Useful if your internet is slow but a text might get through).

Presumably the scammers choose this option as it’s easier to social engineer someone in to giving you the text code rather than authorising a transaction you don’t recognise in app.

2 Likes

Monzo would be the only ones that can confirm what the ultimate purpose of that OTP was. What matters for you is that you should never share the OTP with anyone.

In the end, the scammers tried to do something posing as you, Monzo sent an OTP to confirm it’s you doing the thing, and by not giving it to them you stopped them doing whatever it was they were trying to do.

They couldn’t do it without the code and that’s why they needed to call you.

2 Likes

Right. This is frightening that SMS only is an option for all sorts of authentication. IMO everything like this should go through the app.

There will always be a need for a fallback, and currently that’s SMS however insecure that is.

2 Likes

There used to be a problem with the Sainsbury’s app crashing whenever it diverted to the web authentication page. Every single time. Without a fallback of asking for SMS I would’ve had no groceries for months.

Having a fallback is really useful and so long as you don’t give someone the code that’s sent it’s generally as secure as using the app notification.

:grimacing:

I understand that sure, but if someone’s requested SMS authentication then ALSO tell me that in the app. There is no record in my list of transactions in the app of any transaction being held or needing authorisation.

When the call came through from the scammers checking the app to see if Monzo were calling you would have confirmed they were scammers.

Yes I should have done this as you say, but forgot this was a feature.

The problem with checking the app is that feature is hidden within the settings of the app. In reality, it should be on the homepage to be more effective.

4 Likes

I’d be very sceptical of Monzo ringing customers in the first place because customers can’t even get through to Monzo without jumping through 50 different pre recorded recordings :face_with_hand_over_mouth: even when you request a call back they never do. Now they have the feature where you can check if your on the call to Monzo that should stop anyone from being a victim of a scam.

4 Likes

@Cormaca
Cancel the card and request a replacement, it’s compromised.

Thank you yes I’m taking your advice before waiting for an explanation of what happened from Monzo. However it’s proving difficult to even order a replacement card. I clicked ‘order a replacement’ and ‘I’ve been a victim of fraud’ (even though technically I haven’t, the fraudsters just have my details) and have been got very slow customer service, including multiple Monzo agents closing my case early when there’s been no resolution.

I used to think Monzo’s customer service was good. I think far less of it now.

What do you expect from them?

There’s no financial loss, the end.

Get a new card and move on, nothing monzo can do, this happens with all banks every minute of every day.