Monzo Impersonation - Attempted Fraud

Hi All :wave: I thought I’d share an attempt to defraud me which happened about half an hour ago. Given there have been some stories in the press recently about people falling to APP fraud that have been discussed on here, I was surprised when it actually happened to me.

I got a call from a ‘No Caller ID’ to my mobile from ‘David’ claiming to be from Monzo’s Anti-Fraud Team. He knew my first and last name and claimed there had been an attempted logon to my account from Coventry. At the same time, I’d received an SMS from ‘Monzo’ priming me for his call.

He then ran through a plausible script of questions, including whether the card was in my possession, had I attempted to log on with a new device, was I in Coventry, and so on. After all this, he claimed he needed to secure and unblock the account and I was therefore to forward an email (the ‘magic link’ email) to an address sent via another text message.

After stringing him along for quite a while, and challenging him to prove he was from Monzo (“I’ve sent you a text message and an email”), I told him Monzo don’t send text messages and he promptly hung up on me.

Now, I’m reasonably savvy when it comes to this kind of thing, but I was surprised at just how slick it was and, looking back, it was done at a reasonably quick pace albeit calm and measured. Now, the ‘magic link’ email could not be any more explicit about not forwarding it, but I can see how, with someone on the phone and the threat of fraud / being locked out of your account, some people could fall for this.

Interestingly, they have my name, location (“London”), email address, and potentially know I have a Monzo account. Alternatively, they could have been fishing and it was just luck that I actually have one and encouraged them to carry on with the scam.

Screengrabs of the messages and latest version of the magic link email below for those who may be interested:

6 Likes

Check if your email address is here

https://haveibeenpwned.com/

Sounds like a phishing attempt

2 Likes

Thank you for sharing that experience with the forum, Rich.

It’s an excellent example of how the not-so-savvy could be easily duped into providing access to their account to a third party.

As you say, could be “pot luck” that they contacted someone who actually had a Monzo account, though, with four million customers, reasonable odds anyway.

As Emma suggested, check your email address, though I would also be curious as to how they got access to your phone number too.

Have you provided Track and Trace at any pub or restaurant recently?

3 Likes

My email has been caught up in a few data breaches in the past - I know that site well - most recently I think in a big CRM database leak. What details were held in that, I’m not sure but yes, as you say, they had my phone number which isn’t great.

Nothing provided for Track and Trace yet - I wish I had as it means I’d be stuffing my face in restaurants more :grinning:

3 Likes

Have just reported this to GoDaddy and DomainsByProxy, who are listed in the whois of monzofraud[.]org

9 Likes

Wow, very scary stuff - looks legit-ish too.

You did right by telling him that as I’ve never had a single text from Monzo at all.

Hopefully OP has reported directly to Monzo, who I’m sure will also be interested in reporting and closing down that domain.

Thanks for sharing your experience, OP. It does sound to me like there has been a data breach somewhere prior to the call, given they knew your name and email address. That or they’ve somehow managed to do a bit of research on their targets. Glad to hear you were wise to their game and were able to waste their time some.

Looks at least as legit as monzoemail.com

7 Likes

Hah yes true, and the whois for it is equally opaque. Is that what you get by default if you register through AWS or something? Regardless, it should have Monzo details in there and not be masked if they will insist on using the domain!

1 Like

Great stuff, thanks. Not something I would have thought of doing :+1:

Yes, I’ve messaged Monzo in-app and reported it to them with the screenshot of the text messages.

Also flagged with Action Fraud for what little good that will do!

3 Likes

Is that website OK to put my email address into?

Might be a stupid question but how do they get our telephone numbers as well as know specific bits of our info (like name and who we bank with)?

Data breaches from other websites/companies. Phishing. Things like that.

There’s always the phone book.

(And it’s always worth going ex-directory, IMO, if you haven’t already.)

It’s also worth going with a company for internet that doesn’t offer a phone line, as I have found out I don’t get any scam calls anymore.

Yep, it’s legit and fairly well known - https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

There’s a recording of a fraud in progress at the beginning of this podcast.

(Edit: Just noticed your email was 13 days ago)

The magic link emails to me have been getting increasingly stark over the recent weeks. This is the latest iteration from last night:

(I get quite a lot of them as I am pinging between my phone and Chromebook every day or so, so can easily note the changes)

1 Like

I’m worried what the next phase will be, someone coming to your house to shout it in your face?

1 Like

Worrying how slick that was. Thanks for sharing.

Does make me think that banks should be taking more proactive steps to ‘force’ awareness on users.

We have to do a short n’ sharp data protection quiz at work every year or so. I wonder if a similar mechanism should be implemented at Monzo, e.g. every 6-12 months a Security Policy Quiz pops up in your feed. 3 multiple choice questions, 15 seconds to complete, reaffirming the basics.

1 Like