Phishing Scam?

I’ve had an email from noreply@monzo asking me to Log In stating;
“As part of our security procedures, Please note that your Monzo Online account security is about to expire. In order for it to remain active please update your account.”

I’m doubting the validity of this but it’s quite well done if it is a phishing scam.

Yeah looks dodgy to me! The geek in me would look at the source and find the link that button goes too…


What’s the rest of the email address?

Either way, it looks and sounds dodgy.

  1. It’s not terminology Monzo would use
  2. It’s not something they’d ask you to do
  3. It would start with your name (since they have this) not ‘Dear customer’
  4. They’d sign it off with the name of the person dealing with the matter and their job role. Not ‘Monzo customer services’.

I could go on…

Don’t click it, don’t open any further ones. Mark it as spam and delete it :slight_smile:


I’ve just, and only just, bothered to look for any tooling in the BlueMail app that I use on my phone and found it can expose the headers which shows this to come from a nice long string of obsfuscated relays.
It’s used “” and “ukmail.iss”.


The poor grammar is another giveaway.

1 Like

Thank you.
I thought it best to check and to expose it incase anyone else got one of these and wasn’t as on the ball.
Not that I consider myself on the ball, but I at least saw through this one.

There is no rest of the address. It’s just noreply@monzo which was that initial give away but I’ve seen some fairly random domain suffixes over the last few months so not exactly 100% on that as a clue but thanks again.

Ahh they’re masking the fake address with that then. That’s another thing to add to the list as monzo use :slight_smile:

Relatively few out and out grammar errors for this type of thing, as it happens:

  • the first word after every comma is incorrectly capitalised.
  • “Monzo Online” instead of “Monzo Bank”

The second paragraph is a load of nonsense. Vague mention of benefits giving you value for money? It’s a bank account, so unless you have Plus you’re not paying anything for it anyway.

Big flag should be “your Monzo Online account security is set to expire” because the question you should be asking yourself is “Why would my bank security expire? Is that not a bit weird?”

Other question you should be asking yourself is “Why wouldn’t this be a push notification in the app if it’s legit?”

So while they’ve made a decent effort at passing it off, it doesn’t pass the smell test for me.


Oh I don’t know. I’ve seen plenty of communications from banks with poor grammar - though Monzo admittedly isn’t one of them!