Monzo, a well-known digital-only bank, has been warning its customers for years about about fake messages which attempt to trick them into handing over their login details on spoof websites.
These can be emails, but also text messages which – at a glace – look official, but are from scammers. Back in February Monzo took to Twitter to alert users about the latest texts which claim that users need to reactivate their session or that a replacement card has been sent out. The messages also say that – if the user didn’t request this – they need to click on the link.
Two months on from that Twitter warning, the text messages continue to arrive and play on your fear of losing the money in your account to tempt you to click on the link to check what’s going on. Ironically, doing so could very well lead to that happening.
If you do tap the link, chances are you’ll be asked for your account details, which the hacker could use to steal your money, and possibly your identity as well.
Hackers are also still sending fake emails that look similar to those from Monzo with the ‘golden link’ that logs you into your account, so be vigilant if you receive one of those, too.
Monzo’s tweet – below – reminds customers that it doesn’t send text messages asking people to verify their accounts, or indeed to log into any website to confirm your details. And no other bank or reputable financial institution or retailer will ask you to do this either.
🚨 FRAUD ALERT: PHISHING SCAMS 🚨
Is that text from your bank, actually from your bank? 👀
We’d never send you a link to verify your account via text, or ask you to log in to a website to confirm any account details.
Here are the red flags of a phishing scam…
— Monzo (@monzo)
February 16, 2022
As with other similar scams, the messages range from convincing to downright obviously fake, with some scammers even failing to spell Monzo or other words correctly.
As Monzo has pointed out in its thread on Twitter, the red flags are always there and shouldn’t be too difficult to spot.
Look for the sender’s name. It shouldn’t be Monzo. It may have a full stop after it, or might be spelled incorrectly. It may even be a standard mobile phone number.
Look at the link. This won’t be Monzo’s official website (which is simply monzo.com). Instead it will include the name monzo, but add other words, such as monzo-limited or monzo-replacement. It might also be a completely different URL, with Monzo included after the domain name.
Look out for typos. These scam messages almost always contain errors, whether incorrectly spelled words or words capitalised when they shouldn’t be.
Log into your account and check for messages. Use the official app or go to the official website and check in your account for any messages informing you of a problem. If there aren’t any, that’s yet another sign the text message is fraudulent.
Plus, in addition to these tips, it’s worth running good security software on your computers and phones that can flag potentially dangerous messages to warn you. Norton 360 Deluxe can, as can McAfee Total Protection.
Monzo is far from the only bank the scammers are targeting. We’ve seen the same sorts of messages sent to Lloyds customers, and there are reports that Revolut customers are being targeted right now. But you should be on your guard no matter which bank(s) you use.
And bear in mind that you could receive these messages even if you’re not a customer of the bank in question. The hackers want your personal details either way.
Related articles for further reading