Millions of Monzo customers are being targeted by a phishing attack looking to obtain victims’ passwords and other login credentials and take over their digital identities.
Monzo is one of the United Kingdom’s biggest cloud banks, offering a fully online banking platform and MasterCard debit cards, among other things.
The company took to Twitter to notify users of the phishing campaign going around, and to help them stay secure. In a Twitter thread, it explains that an unknown threat actor is sending out SMS messages to Monzo customers, in which they are asked to reactivate their session or verify their account by tapping the link provided in the message.
On the recipient’s smartphone, the sender’s name appears as MONZO, but the links, as is standard practice with phishing attacks, don’t lead to Monzo’s official website, but rather to a fake landing page created to steal personal credentials.
Should a gullible person click on any of these links, they’d be greeted with a landing page that is not Monzo’s legitimate website, and a prompt to enter their full name, phone number, and the Monzo PIN, essentially everything an attacker would need to steal their identity and gain full access to their account.
Monzo wasn’t the only one investigating the issue. As reported by BleepingComputer, security researcher William Thomas was also looking into the matter, and found four more domain names on the same ASN, this time targeting Revolut customers:
- revolut-cancel-support[.]com
- revolut-cancellation[.]com
- revolut-cancel-online[.]com
- Login-revolut-solve[.]com
“Studies into the domain itself via URLscan.io uncovered 33 other equal sites, dating back to 11 November 2021,” Thomas explained.
“All 34 domains were hosted at the identical 3 CIDRs in Russian IP space with NForce Entertainment (AS43350). Interestingly, the Monzo-themed domain names also used Guangdong-based Registrars (Eranet and NiceNic).”
Mixing Chinese registrars and Russian IP addresses, BleepingComputer concludes, makes it hard to attribute the attack to a specific group, or even to take the campaign down. As standard, customers are advised not to click on any links or download any attachments before verifying the identity of the sender.
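The Revolut-themed domains listed above all carry the brand name inside a hostname the brand does not own, which is something a mail or SMS gateway can check for. The following is an added example, not code from Monzo, BleepingComputer or the researcher; the official domains in `OFFICIAL` and the sample URLs marked as constructed are assumptions, not values from the article.

```python
import re

# Assumption: official registrable domains per brand (not stated in the article).
OFFICIAL = {"monzo": {"monzo.com"}, "revolut": {"revolut.com"}}

# The four defanged domains quoted in the article.
PAGE_DOMAINS = [
    "revolut-cancel-support[.]com",
    "revolut-cancellation[.]com",
    "revolut-cancel-online[.]com",
    "Login-revolut-solve[.]com",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [.]) back into a parseable form."""
    s = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", s, flags=re.I)

def hostname(indicator: str) -> str:
    """Extract the lower-cased host from a URL or a bare domain."""
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", refang(indicator), flags=re.I)
    s = re.split(r"[/?#]", s, maxsplit=1)[0]   # drop path, query, fragment
    s = s.rsplit("@", 1)[-1]                   # drop userinfo
    s = s.split(":", 1)[0]                     # drop port
    return s.rstrip(".").lower()

def classify(indicator: str) -> str:
    """Return 'official', 'lookalike:<brand>' or 'unrelated' for a link."""
    host = hostname(indicator)
    for domains in OFFICIAL.values():
        # Official only if the host IS the domain or a true subdomain of it.
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official"
    for brand in OFFICIAL:
        # Brand name anywhere else in the host: prefix, hyphenated, subdomain.
        if brand in host:
            return "lookalike:" + brand
    return "unrelated"

if __name__ == "__main__":
    constructed = [  # constructed samples, not from the article
        "https://app.revolut.com/start",
        "hxxps://monzo.com.verify-session.example/login",
        "example.org",
    ]
    for item in PAGE_DOMAINS + constructed:
        print(f"{item:50} {classify(item)}")
```

A substring match is deliberately broad, so a hit is a reason to quarantine or review the message, not proof of phishing.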