I’ve just received a text message from Monzo stating
We have noticed suspicious activity and need you to confirm your details. Please visit: https://monzo-authenticate.com
Is this a genuine message? I’m concerned the url is not the Monzo.com one and a Whois doesn’t seem to be owned by them. Can I trust this?
STAFF EDIT (by @dan5)
This is definitely a scam - please do not provide any personal details 
Looks dodgy to me
It’s dodgy, don’t do it.
Ask yourself, why would Monzo send a text instead a message through the Monzo app? They wouldn’t, so the text can’t be genuine.
ETA: untagging Alan, as Dan is on the case and has raised this internally now.
Thanks guys
It appears to ‘have’ come from the same number that the Monzo auth codes come from.
The Whois record looks really dodgy. According to one the domain was registered yesterday and another says it is for sale
Have no messages in app
Further doing a search for the url without the ‘.com’ seems to return nothing.
It hasn’t, though. The number has been spoofed, which is stupidly easy for scammers to do.
It’s not genuine.
Alright cheers guys will delete the message. Have transferred the majority of my funds to another bank already just to be on the safe side
Just tried it with fake details - it’s a complete scam.
Asks you for email address, then makes you “sign into” your email account to get your password, then asks for your PIN number, then redirects you to the genuine Monzo homepage.
Cheers Harry. Good to know I don’t need to be concerned about my account. Hopefully no one else has put there genuine details in
Report it in app
@Dan5 are you around (and have redownloaded slack) to pass this on?
I tried to give the link to this community topic, but chat is closed for me until tomorrow morning 
How about if you use the ‘report fraud’ help article link?
Thanks for flagging - I’ve raised this internally. Thanks for the tag @Rat_au_van 
edit: should have added that it’s mostly definitely a phishing website!
Proper dodgy…
and
FWIW, I’ve emailed the ‘Abuse contact email’ with details that the domain is currently configured to point to a phishing website, masquerading as a UK banking service.
I detest these people. And if these people are watching, I detest you.
EDIT: At least I got a quick ticket response:
Dear David Walton,
Your ticket has been created with the ticket ID 386027 and subject “ABUSE: Domain pointing to phishing website”
Someone from our customer service team will review it and respond shortly.
Regards,
WebNIC Support Team.
Let’s see…
I’ve tweaked the topic title as well in line with Dan’s edit
Thanks to whoever reported the site as phishing - Google SafeBrowsing is now picking it up and blocking it in supported browsers
That’s the best thing you can do whenever you spot these to get these down quickly - report it to SafeBrowsing and also do a WHOIS and report it to the domain registrar’s abuse line as @davidwalton did
It would be a 
in this case
Crikey the scams are looking a lot more realistic these days
That was just me clicking past the phishing warning from Google to take a quick nosy without entering any details obvs
Yeah, and even more worrying is you enter a fictional email to check what error-checking they’re using and it seems like none. But then you get to the ‘password’ stage and a fictional password entered at that point results in an error.
So they are also replicating a magic link process - by asking for a valid email address they can send something (like a magic link) to. I am NOT going to enter one of my valid emails to test this out, but it seems to be a well-thought-out cyber-theft process.
I entered my details
Rejected my first password attempt but was fine with my 0000 pin
