Customers of Revolut, the banking services provider, have been targeted by a series of scam texts and malicious Google ads. Scammers are employing phishing texts and elaborate advertising that contain bogus phone numbers in order to steal data.
According to the UK consumer advice website Which?, one victim has lost nearly £8,000 as a result of a malicious attack. It says that last week alone five people got in touch with them after receiving text messages, which had apparently been sent from Revolut with most stating ‘your account has been temporarily locked’.
People receiving the messages were also asked to click on a link and update their photo ID. Other messages have referred to authentication codes and have asked recipients to visit a web page if they ‘did not request this code’.
The web addresses used in the links take unsuspecting users to fake sites, with carefully adjusted URLs such as the https://revoiut.help example on the Which? website that used an ‘i’ instead of an ‘l’.
There have been other variations on the theme, with one text appearing to come from revolut-supportgb.co, but with another web address disguised behind it. Revolut has previously warned of scammers posing as their phone support agents in a blog post at the beginning of January.
The consumer who lost £8,000 called a number that appeared on a fake Revolut Google advert. After being told to resubmit his ID following an email saying it had expired, he used Google to search for a Revolut phone number in order to confirm everything was legitimate.
During the course of speaking to people purporting to be from Revolut, he was told to download a remote access tool called TeamViewer QuickSupport. This gave them access to his mobile phone in order to verify his account, via the Revolut app. As a result, the victim had £7,938 removed from his account. Revolut has since reimbursed the customer in full.
A spokesperson for Revolut told Which?: “Revolut takes the protection of all our customers extremely seriously. We are fully aware of the industry-wide risk of customers being duped by organised criminals. Our sophisticated and comprehensive anti-fraud systems have a very strong track record of preventing and reporting fraudulent transactions.
To ensure our customers are alert to the risk of fraud, we regularly send alerts and general security advice via in-app notifications, email, social media and our blog. We know how stressful these situations can be for customers and do everything possible to help victims of fraud retrieve their funds.”
The consumer advice website underlines that you should never be asked to share your login details, one-time password or asked to install anything on your phone. Similarly, if someone claims to be from Revolut over the phone, ask them to send you an in-app message to confirm that they are a real agent.