I want to report a massive breach scammers were able to contact us via the official monzo mobile number. How is this even possible?
1 Like
It’s not a breach. It’s very easy to spoof.
3 Likes
As noted above, fraudsters can make it look like they’re calling from the bank, and generally have information about you from many sources such as social media, purchasing goods and services from unusual places, public profiles on many platforms.
It would be good advice to change your passwords where possible, and be conscious of where you shop online or where you share even the small pieces of information (even on social media posts/groups).
3 Likes
In this case the number that was used was identical to the one used for previous correspondence with Monzo. It wasn’t a madeup number that looked official - How would they even be able to create the impression that they are sending a message off of the legitimate monzo number? Just interested to know how they can spoof the official number?
Have a look at the links Carlo posted, they’ll explain it far better than I ever could.
4 Likes
There’s a million technical explanations a quick google away, but as above this is very common and easy to do unfortunately.
Monzo has this page so you can see if they are the ones on the phone to you or not
2 Likes
Very easily. Number spoofing is incredibly common, as the links shared above and a cursory Google search shows.
1 Like
Monzo has a mobile number?
I only see two numbers on the following page and neither are mobile numbers
VOIP services allow you to set your name to be anything.
Not sure if it’s still the case but it used to be that you could create a Skype account, set your name to be something like Monzo, and in caller ID you’d show as that since you don’t have a phone number for the recipient to see.
I get number spoofing and how easy it is to do, however I was called out of the blue by ‘Monzo’ who told me they had just sent me a OTP to my phone number. It was spoofed so the text came from’Monzo’. I hung up. The concerning part is that when I spoke to Monzo over Monzo app chat, the support agent said ‘we do have a record of sending you a text today, but not of a phone call’. I received only one text from any number calling itself Monzo that day… They told me it was a phishing call. How though do real Monzo have a record of a text being sent to me that day if it was initiated by a scammer?
That’s how these authentication code scams work and is why they say to not even share them with the bank staff as they’ll never ask for it - someone triggers a code and tells you it’s the bank verifying your identity or something and that it’s safe to share with them even though it says not to, but really you’re giving them a code to approve a transaction or some other action.
1 Like
Could be the scammer has tried to compromise your account and knew enough details to get Monzo to send the OTP, and this part of the scam was them trying to get you to reveal the OTP to them so they could do whatever they were trying to do.
If I were you I’d be checking credit reports to make sure there’s no other strage things showing, and checking no other accounts like email have been compromised.
Might also be worth contacting your mobile supplier to check no-one has tried a SIM swap fraud on you.
1 Like
Thanks for your message, but there’s no record of any attempted transaction on my account?
Thank you. I’m not familiar with SIM swaps so I’ll google these.
Doesn’t Apple Pay set up require authorising through the Monzo app?
You can add cards directly within iOS settings and can either confirm in app or via SMS (with some banks via automated phone call too).
I see thanks
Thanks @ndrw - I think this may been what happened. It is scary how they have gotten the Monzo fraud hotline script to the tee with some questionable requests. Thanks for the help