losttheplot
It wouldn’t surprise me. Ireland is at the centre of the Venn diagram:
but it claims Ireland is the most phished country in the world
Without knowing the details it is very hard to say. But if they had access to their account already and were able to see transactions, why would they even need to call the person to steal money from them? It is possible the scammers just guessed. Maybe they didn't mention values of transactions and just said they can see a transaction from Tesco and a transaction from Amazon. That won't fool everyone but with these scammers it is a numbers game. You ring a load of people and hit them with this type of thing and a few bite. It doesn't have to be incredibly plausible and foolproof.
In one case I heard on the radio, the person who was defrauded received a call from the scammers, purporting to be their bank (Revolut). They said they trusted the caller because they were able to list their last few transactions. They then went on to describe how they were scammed out of the money in their account. Not one person on the radio segment referred to the fraudsters knowing the transactions. To me it appears that the account was already compromised, and all the fraudsters needed to do was to scam the user into approving a fake transaction.
It appears to me that the only ways they could have known the transactions are:
(1) User's account was already compromised via phishing (or device hack)
(2) Family or friend had access to the account
(3) Fraud within Revolut
(4) Technical "hack" of Revolut
(IMO - listed in order of likelihood)
It is probably the calls that say you have been charged for Amazon Prime on your Revolut account and ask is it authorised. Those people hang on the phone then get put through to what they are told is Revolut support. The scammers tell them they will block the card and refund the payment but they need some details first. Maybe even scare them a little bit and say there are transactions for hundreds or thousands coming through.
So what is the most likely thing happening here?
1) People are clicking on some link and their phone is compromised.
2) They don't realise that their phone has been compromised.
3) The scammers are in control of the phone.
4) They find the credit card details on the phone (?)
5) They apply to add them to Apple Pay or Google Pay on their own phone.
6) Revolut sends a code to the compromised phone which the scammers have access to.
7) They complete the addition of the card to Apple Pay and then spend the money.
8) They do this during the night so that the victim is asleep and does not notice it.
In the morning they see that their Revolut account has been cleaned out.
They complain to Revolut but Revolut tells them that they authorised the addition of their phone to Apple Pay which their phone did.
I imagine it is mainly Revolut being reported because they are targeted more and also they seem to say tough luck to most people getting scammed. It happens to other banks as well but those banks are more likely to suck it up and give the person their money back. You are less likely to go to the papers and the story is less likely to get published if the person got their money back.
How could I tell if my phone is compromised?
Why is it only Revolut which is being reported? Is it also happening to BoI and AIB customers? We would expect to hear from BoI and AIB customers to say "My account was cleared out while I slept but when I phoned AIB the next morning, they refunded me the money in full."
My assumption is that, in this case, the account was compromised, but not the phone/device. So, they could initiate a transaction, but needed the customer's unwitting cooperation to authorise any codes sent to their phone. Obviously this is just a guess on my part, but is definitely one way to successfully scam someone!
Without knowing the details it is very hard to say. But if they had access to their account already and were able to see transactions why would they even need to call the person to steal money from them.
Keeping £40,000 in your Revolut account isn't a good idea.
Here is a case in the UK, where the guy lost £40,000. But he admits that he gave the code to the fraudsters thinking he was dealing with Revolut's anti-fraud staff.
I’m a victim of scammers. But Revolut says ‘no’ to a refund
The company seems to hold me entirely responsible for the fact £40,000 was stolen
www.theguardian.com
Keeping £40,000 in your Revolut account isn't a good idea.
That's a good point. What annoys me with N26 is that the log in is a saved password (biometric is the only other alternative) so if I had that app on the phone I walk around with and someone had access to my phone they'd be into the app (although to do transfers etc. they would have to use a PIN). Hence I don't.
One potential security weakness with Revolut I just noticed. When users log in with their passcode, each digit briefly lights up when being tapped. This means that anyone able to capture & record what's happening on someone's screen knows their Revolut passcode. None of the other banking apps I use do this. Maybe one reason Revolut accounts seem to get hacked so much.
One of the classic examples of fraud is the "Evil Twin" fraud. This is where someone sets up a near duplicate (in terms of look and address) of a publicly available Wi-Fi system. Often done at airports where tourists coming in are perhaps nervous around data usage. Person clicks on the link and then thinks they are added to a legitimate Wi-Fi system when in reality they are on the fraudulent "evil twin". If they then carry out a transaction using Revolut, the fraudsters will capture the details and that should be enough. If they've not used any other financial apps, then the fraudsters may not have got those logins.
How could I tell if my phone is compromised?
Why is it only Revolut which is being reported? Is it also happening to BoI and AIB customers? We would expect to hear from BoI and AIB customers to say "My account was cleared out while I slept but when I phoned AIB the next morning, they refunded me the money in full."
I’m not a tech guy but I assume that a bank’s servers communicate with the device using encryption.
If they then carry out a transaction using Revolut, the fraudsters will capture the details and that should be enough.
Every site uses TLS encryption these days. Just look at the URL for this site. It begins with https. So there's no way for the Wi-Fi hotspot to snoop on the traffic. And if they tried to spoof the website (man in the middle attack), then they wouldn't have a valid TLS cert, so it would fail. And if they tried to downgrade the traffic to plain http, the browser would flash a warning.
It's correct to assume that encryption should be in place but there are ways around it. For example, in a lot of public wifis they ask for an email address and password and a lot of people are lazy and will just use their standard password. Secondly, once that is done, you may get asked to tick a box and, unknown to yourself, download a rogue cert etc. Suddenly the fraudster may have your core details, a rogue cert on your phone and an ability to perform as a "man in the middle" and intercept your data. How many of us have ignored an SSL certificate warning?
Most attempts will fail, but they only need a handful to make a very good living for the fraudsters.
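The certificate point argued in the last two posts, as an added example that is not part of the thread: a certificate for a bank's hostname issued by an unknown CA fails validation against the device's built-in roots, validates once that CA has been added to the trust store, and the added root shows up when the store is compared with a known-good baseline. It assumes a standard OpenSSL install; every name in it (Demo Device Root, Demo Hotspot CA, bank.example) is constructed.

```shell
#!/bin/sh
# Added illustration. All names and certificates are constructed for the demo.

make_ca() {   # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

build_demo() {   # $1 = scratch directory
  make_ca "$1/device" "Demo Device Root"   # stands in for the built-in roots
  make_ca "$1/hotspot" "Demo Hotspot CA"   # the cert a portal asks you to accept
  # Certificate for bank.example issued by the hotspot CA, not a public CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=bank.example" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/hotspot.pem" \
    -CAkey "$1/hotspot.key" -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
  cp "$1/device.pem" "$1/baseline.pem"                      # store before
  cat "$1/device.pem" "$1/hotspot.pem" > "$1/after_portal.pem"   # store after
}

chain_ok() {   # $1 = trust store bundle, $2 = certificate to check
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

list_subjects() {   # one "subject=..." line per certificate in bundle $1
  openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout | grep '^subject'
}

unexpected_roots() {   # roots in store $2 that are absent from baseline $1
  base=$(list_subjects "$1")
  list_subjects "$2" | grep -vxF -e "$base"
}

demo() {
  d=$(mktemp -d) && build_demo "$d" || return 1
  chain_ok "$d/baseline.pem" "$d/leaf.pem" \
    && echo "baseline store: ACCEPTED" || echo "baseline store: rejected"
  chain_ok "$d/after_portal.pem" "$d/leaf.pem" \
    && echo "store after portal: ACCEPTED" || echo "store after portal: rejected"
  echo "roots not in baseline:"
  unexpected_roots "$d/baseline.pem" "$d/after_portal.pem"
  rm -rf "$d"
}
demo
```

On a real phone the equivalent check is the list of user-installed certificates in the system settings, which should normally be empty on a personal device.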