Yes, but I agree with @OBR, why shouldn’t it be done on the rest of the Monzo estate? An attack against Monzo.me could simply be started via a different Monzo site/domain the user trusts.