Monzo phishing campaign targets online banking customers

A sophisticated Monzo phishing campaign appears to be targeting the British bank’s online customers.

According to new research, the digital banking platform is experiencing an ongoing phishing campaign targeting Monzo users and attempting to steal their accounts.

Security researcher William Thomas has released a new report on the Monzo phishing campaign, finding cyber actors targeting the bank’s ‘golden link’, which is sent to users to log in for the first time.

Digital banking has become increasingly popular in the UK as it allows users to open an account without having to visit a branch. Users simply apply, receive their golden link and register.

In a new report, Thomas explains that hackers begin the phishing process by taking a user’s email address and then a range of other private information.

“It first takes your email, then collects your email account credentials, then asks for your Monzo PIN, followed by your name and phone number,” Thomas said.

“These details are enough to compromise a user’s email account and Monzo account,” he added.

Once users submit the requested details in the online form, the threat actors can begin the process of taking over the user’s account.

According to Thomas, when installing the Monzo app on a new device, such as the threat actor’s smartphone, the service sends the “golden link” to the new device along with a verification link.

With access to victims’ email accounts, hackers can simply click on this link and verify their device, giving full access to the Monzo account.

“Additional social engineering steps may be involved, but there are plenty of one-time passcode (OTP) stealing bots and other guides on how to trick victims into giving up access to striker,” added Thomas.

Thomas said threat actors used the Cazanova Morphine kit to create the Monzo phishing landing page.

Furthermore, he added that four domains were noticed on the same ASN, which targeted users of Revolut, a popular online payment service.


“Searching the domain itself via URLscan.io uncovered 33 other identical sites, dating back to November 11, 2021,” Thomas said in his blog post.

“All 34 domains were hosted on the same three CIDRs in the Russian IP space with NForce Entertainment (AS43350). Interestingly, the Monzo-themed domains also used two Guangdong-based registrars (Eranet and NiceNic).”

Monzo had previously been revealed to have poor security when it comes to online services, according to a study.

Consumer watchdog Which? had the security protocols of fifteen banks tested by a team of volunteers, while cybersecurity firm 6point6 deployed experts to test defenses in September and October last year.

In mobile banking, Monzo came last, with 46%. It scored three out of five for logging in and encryption, four out of five for account management, but only one out of five for browsing and logging out.

