Monzo customers bombarded with phishing attacks
Date:
Mon, 21 Feb 2022 10:45:34 +0000
Description:
Unknown attacker with origins in China and Russia is stealing identities of Monzo users.
FULL STORY ======================================================================
Millions of Monzo users are being targeted by a phishing attack looking to obtain victim passwords and other login credentials and take over their digital identities.
Monzo is one of the UKs largest cloud banks, offering a fully online banking platform, and Mastercard debit cards, among others.
The company took to Twitter to notify users of the phishing campaign going around, and to help them stay safe. In a Twitter thread , it explained that
an unknown threat actor is sending out SMS messages to Monzo users, in which they are asked to reactivate their session, or verify their account, by tapping on the link provided in the message. TechRadar needs you!
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window <<
On the endpoint smartphone, the senders name is shown as MONZO, but the
links, as its standard practice with phishing attacks, dont lead to Monzos official website, but rather a fake landing page created to steal user credentials.
So far, the following domains have been uncovered: monzo-notice[.]com monzo-online-support[.]com monzo-check[.]com monzo-card-support[.]com monzo-replacement[.]com alert-monzo[.]com Stealing identities
Should a gullible user click on any of these links, theyd be greeted with a landing page unlike Monzos official website, and an option to add their full name, phone number, and the Monzo PIN - basically everything an attacker
would need to steal their identity and gain full access to their account.
Monzo wasnt the only one investigating the issue, too. As reported by BleepingComputer , security researcher William Thomas was also looking into the matter, and found four more domains on the same ASN, this time targeting Revolut users: revolut-cancel-support[.]com revolut-cancellation[.]com revolut-cancel-online[.]com Login-revolut-resolve[.]com Read more
What is phishing and how dangerous is it?
LinkedIn is becoming a paradise for phishing attacks
How to shut down a phishing operation in 48 hours
"Research into the domain itself via URLscan.io uncovered 33 other identical sites, dating back to 11 November 2021," Thomas explained.
"All 34 domains were hosted on the same three CIDRs in Russian IP space with NForce Entertainment (AS43350). Interestingly, the Monzo-themed domains also used two Guangdong-based Registrars (Eranet and NiceNic)."
Mixing Chinese registrars and Russian IP addresses, BleepingComputer concludes, makes it hard to attribute the attack to a specific group, and
even harder to take the campaign down. As usual, users are advised not to click on any links, or download any attachments, before verifying the
identity of the sender. Here's our rundown of the best firewalls right now
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/monzo-customers-bombarded-with-phishing-attacks /
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)