Monzo, a well-known digital-only bank, has taken to Twitter to warn its customers about fake text messages which attempt to trick them into handing over their login details on spoof websites.
Like many similar scams, the text messages pretend to be official, claiming that users need to ‘reactivate their session’ or that a replacement card has been sent out and – if they didn’t request this – they need to click on the link.
There are other messages, too, that seem worrying enough that it’s worth tapping the link to find out what’s going on. If you do, chances are you’ll be asked for your account details, which the hacker could use to steal your money, and possibly your identity as well.
It isn’t only text messages. Hackers are also sending fake emails that look similar to those from Monzo with the ‘golden link’ that logs you into your account, so be vigilant with those, too.
Monzo’s tweet – below – reminds customers that it doesn’t send text messages asking people to verify their accounts, or indeed to log into any website to confirm your details. And no other bank or reputable financial institution or retailer will ask you to do this either.
FRAUD ALERT: PHISHING SCAMS
Is that text from your bank, actually from your bank?
We’d never send you a link to verify your account via text, or ask you to log in to a website to confirm any account details.
Here are the red flags of a phishing scam…
— Monzo (@monzo) February 16, 2022
As ever, the messages range from fairly convincing to downright obviously fake, even failing to spell Monzo or other words correctly.
As Monzo has pointed out in its thread on Twitter, the red flags are always there and shouldn’t be too difficult to spot.
- Look for the sender’s name. It shouldn’t be Monzo. It may have a full stop after it, or might be spelled incorrectly. It may even be a standard mobile phone number.
- Look at the link. This won’t be Monzo’s official website (which is simply monzo.com). Instead it will include the name monzo, but add other words, such as monzo-limited or monzo-replacement. It might also be a completely different URL, with Monzo included after the domain name.
- Look out for typos. These scam messages almost always contain errors, whether incorrectly spelled words or words capitalised when they shouldn’t be.
- Log into your account and check for messages. Use the official app or go to the official website and check in your account for any messages informing you of a problem. If there aren’t any, that’s yet another sign the text message is fraudulent.
Plus, in addition to these tips, it’s worth running good security software on your computers and phones that can flag potentially dangerous messages to warn you. Norton 360 Deluxe can, as can McAfee Total Protection.
Monzo is far from the only bank the scammers are targeting. We’ve seen the same sorts of messages sent to Lloyds customers, and there are reports that Revolut customers are being targeted right now. But you should be on your guard no matter which bank(s) you use.
And bear in mind that you could receive these messages even if you’re not a customer of the bank in question. The hackers want your personal details either way.
Related articles for further reading
- 10 security tips everyone can use for a safer internet every day
- All security news
- Best antivirus software for Windows (plus free options)
- Best antivirus deals