At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    New phishing campaign targets Monzo online-banking customers

    Online Banking

    Users of Monzo, one of the UK’s most popular digital-only banking platforms, are being targeted by phishing messages supported by a growing network of malicious websites.

    Monzo is a 100% online banking platform with over four million customers and among the first to challenge the traditional financial managing system.

    The mobile-only platform offers a feature-rich app, debit Mastercards, and a comprehensive yet not completely flawless fraud-detection system.

    According to a report by security researcher William Thomas, there’s an ongoing phishing campaign targeting users of Monzo and attempting to steal their accounts.

    The banking platform also posted on Twitter to warn its customers about the signs of fraud and what not to do when receiving a message that appears suspicious.

    In a new report, Thomas explains that the phishing process begins with the arrival of an SMS text showing Monzo as the sender’s name, asking the recipient to tap the provided link to reactivate their session or verify their account.

    The smishing messages that point to the phishing sites

    The users are taken to a phishing site that displays a fake email login form and then requests information about their Monzo account, including full name, phone number, and the Monzo PIN.

    If these details are provided, the threat actors now have everything needed to begin taking over victims’ Monzo accounts.

    When installing the Monzo app on a new device, like the threat actor’s smartphone, the service sends a device verification link for the first login to the user’s email address. As the threat actors now have access to victims’ email accounts, they can click on this “golden link” and verify their device, giving full access to the Monzo account.

    The severity of gaining access to this link is illustrated in the emails sent by Monzo, who warn that the link should never be shared with other people. If the email account is protected by 2FA, Thomas believes the adversaries can likely overcome it with additional social engineering steps or by employing OTP stealing bots.

    When Monzo wants to inform users about anything, it uses built-in app notifications or the account portal on the official website.

    With thanks to the Cyber Defence Alliance and BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/new-phishing-campaign-targets-monzo-online-banking-customers/

    Help keep your users safe from these phishing scams with Security Awareness Training.

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top