Smishing Campaign Targeting Monzo Bank Customers in the Wild

Customers of Monzo bank in the UK are being targeted with a new phishing campaign aimed at stealing their bank accounts.

Starting with an SMS, the campaign hijacks both the email and bank accounts of an unsuspecting user and uses them to steal the funds they hold. The researcher who first discovered it said that even having 2FA can't help in some cases.

Hijacking Monzo Bank Accounts

Monzo is a UK-based bank that’s completely digital and is one of the first banks to challenge the traditional banking system. It comes with a feature-rich app for accessing all the basic banking functions, and a virtual MasterCard to process online payments.

Since its inception in 2015, Monzo has gained over four million users in the UK, and with that base it has become a fairly lucrative target for scammers. And it's happening! According to William Thomas, a security researcher, there is an active smishing campaign targeting Monzo customers in the wild.

It starts with an SMS purporting to come from Monzo that carries a link and asks the user to click it. If they do, it takes them to a Monzo-themed login page, which is actually a phishing site created by the threat actors. This page asks users to enter their Monzo-linked email ID, password, and the PIN for their Monzo bank account.

Once entered, these credentials are sent to the attacker's server, where they can be used for stealing funds or for identity attacks. The researcher said that using 2FA may not help either, since the codes can be obtained by employing an OTP-stealing bot on the victim's phone.

Phishing pages involved in this campaign are:

  • monzo-notice[.]com
  • monzo-online-support[.]com
  • monzo-check[.]com
  • monzo-card-support[.]com
  • monzo-replacement[.]com
  • alert-monzo[.]com
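The listed domains all embed the brand name next to a support-style keyword, so a mail, SMS or proxy filter can match them exactly and also queue unseen variants for review. The sketch below is an added example, not code from the article or the researcher; the `OFFICIAL` value, the function names and the sample messages are assumptions made for illustration.

```python
import re

# Indicators listed in the article, stored refanged for matching.
KNOWN_PHISHING = {
    "monzo-notice.com", "monzo-online-support.com", "monzo-check.com",
    "monzo-card-support.com", "monzo-replacement.com", "alert-monzo.com",
}
BRAND = "monzo"
OFFICIAL = {"monzo.com"}  # assumption: the bank's genuine domain(s); extend as needed
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def refang(text):
    """Undo common defanging so hosts written as name[.]com still match."""
    return text.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")

def extract_hosts(text):
    """Return lower-cased host names found in free text such as an SMS body."""
    return [m.group(1).lower() for m in HOST_RE.finditer(refang(text))]

def is_under(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(host):
    if is_under(host, KNOWN_PHISHING):
        return "known_ioc"
    if is_under(host, OFFICIAL):
        return "official"
    # Brand string present but not under an official domain: catches new
    # hyphenated variants and names such as monzo.com.verify-id.example.
    return "brand_lookalike" if BRAND in host else "other"

def triage(messages):
    """Map each message to the (host, verdict) pairs that deserve review."""
    hits = {}
    for msg in messages:
        verdicts = [(h, classify(h)) for h in extract_hosts(msg)]
        flagged = [(h, v) for h, v in verdicts if v in ("known_ioc", "brand_lookalike")]
        if flagged:
            hits[msg] = flagged
    return hits

# Constructed sample messages (not real SMS captures).
SAMPLES = [
    "Monzo: new device added. Not you? Visit https://monzo-check[.]com/secure",
    "Your card is on its way. Track it at https://monzo.com/help",
    "Monzo alert: verify at http://login.monzo.com.verify-id.example/start",
    "Parcel held, pay the fee at http://post-redelivery.example",
]
```

The `brand_lookalike` verdict is a substring match and will also flag unrelated names that contain the brand string, so treat it as a review queue rather than a block list.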

The researcher said the threat actors could be hard to detect, as their identities are mixed. For example, the IP addresses of the phishing sites come from Russia, while the domain registrars are based in China.

Monzo acknowledged the campaign and alerted its customers to such fraud. It advised them on how to act in such situations and to stay vigilant.
