[ad_1]
Final evening, I used to be lounging on the couch…
PING!
An SMS textual content message arrived on my cellphone. It claimed to come back from Monzo. I do have a checking account with Monzo, in order that didn’t look suspicious. And the message was grouped with all the opposite textual content messages I obtain from Monzo.
To keep away from points and stay verified with Monzo, please verify your account on the hyperlink under. https://monzo-log-in.com/
Would you will have trusted it?
I hope you wouldn’t. However I guess lots of people would. Particularly if – like me – you had been a Monzo buyer. And particularly because it was introduced alongside different messages from Monzo.
Fortunately I had my safety spider senses turned as much as 11, and so I knew higher than to click on on the hyperlink and enter my banking particulars.
However I did bravely go slightly down the rabbit gap to indicate you what you’ll have seen in case you had clicked…
Very first thing I noticed is that the web site the textual content message is linking you to, asks you in your e mail tackle. Monzo may be very a lot a digital financial institution, which you solely entry by way of an app. So far as I do know there’s *no* web site the place you’ll be able to login to your account.
Should you appeared up this explicit web site’s WHOIS entry you’ll additionally discover that it was solely registered yesterday. Hmm… that’s a bit suspicious isn’t it?
After all I didn’t enter my actual e mail tackle. Why would I need the scammers to know my e mail tackle? They already appear to know my cell phone quantity. So I entered a random e mail tackle as an alternative.
After which I used to be introduced with one other display, asking me to enter the PIN of my Monzo financial institution card. Ho ho ho, as if I used to be going to enter that.
At this level I despatched Monzo a tweet, telling them concerning the rip-off.
Hey @monzo. Somebody is making an attempt to phish your prospects… pic.twitter.com/Zz5CYnH41Q
— Graham Cluley (@gcluley) November 18, 2021
I additionally reported the URL to Google. In my expertise in case you try this Google can fairly rapidly shield billions of web customers, by displaying a warning dialog of their browser in the event that they try to go to the identical URL.
A fast trawl by way of Twitter uncovered that I wasn’t the one individual to obtain this explicit phishing message, and there are many different examples of Monzo banking prospects receiving textual content messages asking them to go to different dodgy URLs that faux to belong to Monzo.
Which leaves an apparent query. How did the scammers know to ship me and different Monzo prospects a textual content? I don’t obtain SMS phishing texts pretending to be from firms with which I don’t financial institution. Is somebody leaking the cell phone numbers of banking prospects, to assist phishers make their scams look extra reasonable?
Discovered this text fascinating? Comply with Graham Cluley on Twitter to learn extra of the unique content material we submit.
[ad_2]
