Is this a scam

Is this a scam?

I received an email from “Monzo Bank”

Email address :

cliente-account28517@haw20.monzomailuser.com

Stating : Authentication required on your account protocol: STD- 972530

Asking me to click on a link

Monzo app is working, no issues. I am being scammed?

yes :slight_smile:

Thank you

well I wouldn’t click on the link …and Monzo wouldn’t ask you to authenticate your account in an email

That’s not a monzo email address.

They use @monzo or @monzomail

They don’t email you out of the blue anyway. They would contact you in app if there were any issues :slight_smile:

some good info here if you care to read it -

and more -

And also @monzo.intercom-mail and @monzoemail

Hey @anon57061770! Sorry that you’ve received something like this! It is indeed a phishing email and not from us :pensive:

As long as you haven’t clicked the link, entered any of your details, or have any unrecognised transactions on your account, then you can just delete it :blush: If you have, please reach out to us in the app!

So, I got a phishing email today too from the same email address, with a different account number. Does this mean that Monzo customers email addresses are not being held securely?

No.

Two people isn’t anything like enough of a sample size to draw that conclusion.

Generally it means they’re sending to loads of email addresses and hope a % use Monzo

I got one, too. But not to the address Monzo has for me.

Okay, that makes sense.

these scammers really do need to get better with their research …I dont have a Barclays account :slight_smile: …looks very plausible though apart from the email address

It is a shame they can’t use a single email address, as I wouldn’t trust one from @monzo.intercom-mail, as that looks very dodgy

I had one from Amazon that was so close to believable, the email address was even amazon@amzn.com, which if I wasn’t more suspicious, I would have clicked the link in the email

That’s the best one I’ve seen so far. The grammar still isn’t quite right (we have placed a temporary suspension…etc).

Send it back with with a B grade (downgraded to a C, obvs).

They’ve got an email dump from somewhere with hundreds of thousands of emails in it. Why bother researching which ones actually belong to Barclays customers when you could just email everyone regardless, and even if 1% of those thousands who are actually Barclays customers fall for it, you’ve still made a gain. They don’t care about the 99% who aren’t Barclays customers, just the tiny fraction of a percent who will make them some money.

The moment they start researching who is or isn’t a customer first? The time cost will massively outweigh anything they may gain.

I think this must be a legacy address from when Monzo used Intercom for their chat function. Possibly still the case somewhere in their software where if they mail you as a result of a chat, it still comes through this flow? What I mean to say is, I think if you get an email from that domain it’ll likely be when you’re expecting an email from Monzo rather than it being out of the blue.