Got scammed today

Sign them up for all kinds of email subscription services. Surely that’s not illegal?

1 Like

Not at all, no subscriptions sign-ups involved. You only enter ‘your’ email as the recipient.
I mis-typed mine unfortunately,instead of entering me@daman.com I slipped and entered support@monzo-team.uk then clicked on ‘Go’ before I’d realised the error. Multiple times. Oh well :man_shrugging:

6 Likes

It is a very rare name.
Apperantly there is only 1 on social media.
Wonder if that is the same person.
Have you been in touch with the police?

3 Likes

Sorry to hear that, sounds like quite a sophisticated attack.

For the future, check out this article. It’ll tell you the circumstances in which Monzo will call you (very rarely!)

1 Like

Namecheap might not be great for this but Monzo should report it to Nominet… They would take it down in a heartbeat

4 Likes

Trying to do so! Website under maintenance:

https://reporting.actionfraud.police.uk/reporting/victim

malekzeenniMalek

12m

Trying to do so! Website under maintenance:

https://reporting.actionfraud.police.uk/reporting/victim

Luckily only a few hours.

1 Like

“Monday 7th of Septembet”

:thinking:

4 Likes

The month now sponsored by BetFred*

*other betting sites are available.

1 Like

“Live Cyber support”
:grimacing:

4 Likes

I’m not the NCA but pretty sure a group this sophisticated would never send stolen money to their personal account. That will be either another fraud victim or a paid participant about to get a CIFAS marker after the money has been funneled elsewhere.

Really hope the NCA can get to the bottom of this and convict the perpetrators, but I doubt it :frowning_face:

I’m glad the OP didn’t lose huge amounts of money and appreciate them taking the time to raise the alarm to others.

3 Likes

Sounds very similar to an experience I had a little while ago. All very well-rehearsed and smooth:

1 Like

Thanks for sharing this and I’m so sorry that you had to go through it :sweat:

I have, though, removed the screenshot of the account that they paid money to. It’s quite possible that the person named is as much of a victim as you, and that they’re just moving money around between compromised accounts.

8 Likes

I’m sorry you had to go through this - hope you can recover swiftly.

It’s interesting I think that they got your details before they spoke to you. Do you know/suspect at all how they got your personal info already?

I imagine they managed to get sufficient data from a breach somewhere else, and assumed you might be a Monzo customer and gave it a shot - and I can see how when recieving a call from the Monzo number (which will have been spoofed), and they present you with your own details as verification, how trustworthy it could seem.

The trick of “get you to delete the app and distract you for as long as possible” is a good/terrible one - it gives the scammer the time to do all the fraud they need to do while you don’t have the app / get locked out.

So the top few tips of bank security:

  • Never trust anyone claiming to be your bank calling you directly. Always call them. Especially if they tell you not to.
  • Never trust any email claiming to be your bank - and always check the headers / from address etc - and if neccessary verify with your bank.

These stories do also lead me to generally quesiton bank security - I feel with other banks you have more lines of defence before you’ve possibly compromised your account. Account ID, Password, Unique Code, sometimes a generated code/log in code, etc.

While I do believe Monzo is just as secure (and I would recommend putting 2FA on your email too) - I wonder if Monzo is easier to target from a social engineering point of view.

3 Likes

Me too. Most of the emails I receive from banks say something along the lines of “you’ll know this email is from us because we address you by name and include the first part of your postcode.”

3 Likes

There’s definitely more banks could be doing to help prevent these types of scams. I also believe there is an effort to secure caller ID from spoofing attacks, which would go some way to preventing them from appearing so legitimate.

Looking at the other fintechs, Starling auto generate a customer service PIN in the app, though I’ve no idea how this is used by them. I’d hope it isn’t just used to identify the customer when calling but also to identify Starling when they call the customer.

Barclays also have a fairly novel feature for premium customers to verify a legitimate call in the app. This should really be rolled out to standard customers as well. Extending this to a push notification advising they will be calling soon would also help.

That said, until verification of the caller is normalised by the bank scammers will always be able to socially engineer vulnerable customers out of their funds.

3 Likes

There should be a way to verify the new email by authorising the change from the old email. If you don’t have access to your old email, then further checks should be made. Change email and add new payee within minutes should be a red flag.

5 Likes

Is this not the case? I’ve not changed my email with Monzo, but with other companies I’ve often received an email to the old address advising to click a link if I didn’t make the change.

1 Like

Interesting - I don’t use Starling enough to have ever seen this - but I’ve been saying for a while this type of implementation would be good within Monzo.

It’s similar in approach to how Apple verify support tickets, I believe - ‘enter the pin shown on your [iDevice] to continue’ style.

Isn’t the issue how do you stop people giving out the PIN over the phone? Even when people get a text saying don’t give this out to anyone, they still do.

2 Likes