I had an email the other day allegedly from Monzo, it had @monzomail as the sender and looked legit. Stupidly, I clicked the link and it launched the app and it asked for my PIN. Later realising what I had potentially done I withdrew all accessible funds from the account and have now changed my PIN.
Is it now safe to replace the funds and start using the account again or do I need to do more?
I think monzomail.com is a legit domain
Or is it monzoemail?
Edit: no, it should be monzomail (see the link above)
They really need to sort this out and identify legitimate emails somehow
They also have monzoemail.com too
I think the âofficialâ emails you should expect emails from are:
monzomail.com, monzoemail.com, monzo.com
and potentially monzo.intercom-mail.com
Iâm not sure if the latter still exists but yeah. Lots of very similar emails.
If the link you clicked launched the app then youâre good.
Itâs when emails take you to a webpage or ask you to do things like move your money that should cause alarm bells to ring.
This⊠this is awful
Itâs really really poor of Monzo to train their customers to fall for phishing scams!
unless, of course, they get some kickback from the scammers for the training they provide, in which case its all good - just another avenue on the way to profitability 
Were you attempting to login at the time when the email arrived?
What was the email subject?
That email logs you into your account, did you try logging in before you got that email?
If not , either you should have got a scam call to try convince you to forward the email to them so they can login to your account, or they already have access to your emails and were about to click on it themselves, so I would change your email password as soon as possible, and review the security part of your account for new / suspicious logins.
If the email was a few days ago and youâve had no new ones then thereâs probably no one in your email account, as they would have requested a new login email by now.
Itâs also interesting seeing the:
donât forward this (even to us)
in their email, given most banks and large organisations tend to have a âphishing@â email where you can send these emails to and they can confirm if it is or isnât from them.
Iâm all for the magic links, but there is certianly a bit of tidying up that could make all this a more consistent / clean consumer experience,
I think they need to redesign the email system such as adding security that confirms itâs your bank such as your full name and postcode and last 4 digits of your phone number like PayPal tends to do and a few highstreet banks
I received a email from monzo the other day, it was a legit one but it didnât even say my name on it, just hello 
Thing is, this information isnât hard to get hold of and pretend to be a bank. Facebook leaked a tonne of this info recently so you donât exactly have to look hard for it either.
They should just do away with email completely. Secure the login process so the magic link isnât needed and then say to the customers
WE WILL NEVER EMAIL YOU AND WE WILL NEVER CONTACT YOU BY PHONE.
If the only communication is via the app along with notifications for things such as statements ready and all the other payment notifications it would make the whole process significantly less susceptable to fraud.
Something I never understood about Starlings process is the customer service PIN. If they call you, they ask you for the PIN when it clearly should be the otherway round.
Banks could make their life significantly easier if they just restricted outbound communications to their respective apps and all voice communication was from the outside in.
If your Uber Driver calls you he doesnât know your number, his call is routed through Uber. Equally if you call your Uber driver you are connected to the their system and then the driver. The same could apply to banks. If Monzo wanted to get in touch with you by phone they could notify you in app to call a specific number at a specifc time.
I definitely think thereâs value in having some kind of 2FA when it comes to contacting customer services, in either direction.
Maybe something thatâs not PIN-like (so it doesnât get confused). Apple have a great system where you get a pop up to verify youâre the account holder / phone holder.
I just got a push notification for a survey, came through the usual chat channel.
This is so so so much better. No clicking links, no worrying that itâs not from Monzo.
I have just had it confirmed that the original email was indeed from Monzo so panic over.
Thanks everyone who took the time to reply.
Thanks for the update â good to hear itâs all solved now
What @kolok says still stands though â did you try to log in at that time/on that day? If not, someone might be trying to take your account over and you need to change passwords ASAP
What was your method here? Did you cancel all your pots? Do you have an overdraft facility? Not worried about your DDs or continuous payments? Just curious.
I just took all the money out of the pots into the main account and withdrew that. It was only for a couple of days and I knew Iâd got no DDâs coming out. No overdraught facility so no worries there.
