Revolut - Fraudulent Transactions

So what is the most likely thing happening here?

1) People are clicking on some link and their phone is compromised.
2) They don't realise that their phone has been compromised.
3) The scammers are in control of the phone.
4) They find the credit card details on the phone (?)
5) They apply to add them to Apple Pay or Google Pay on their own phone.
6) Revolut sends a code to the compromised phone which the scammers have access to.
7) They complete the addition of the card to Apple Pay and then spend the money.
8) They do this during the night so that the victim is asleep and does not notice it.

In the morning they see that their Revolut account has been cleaned out.
They complain to Revolut but Revolut tells them that they authorised the addition of their phone to Apple Pay which their phone did.
 
How could I tell if my phone is compromised?

Why is it only Revolut which is being reported? Is it also happening to BoI and AIB customers? We would expect to hear from BoI and AIB customers to say "My account was cleared out while I slept but when I phoned AIB the next morning, they refunded me the money in full."
 
but it claims Ireland is the most phished country in the world
It wouldn’t surprise me. Ireland is at the centre of the Venn diagram:
1. English speaking - much easier for the organised crime groups as no language barrier
2. Spoofing numbers for calls and SMS seems very easy for Ireland. There seems to be no real action from regulator/industry yet
3. Member of Single Euro Payments Area (SEPA) means very easy to wire funds to another bank in another jurisdiction. Makes detection much more difficult
4. Increasing preference of merchants for card payments over direct debit/credit transfer/cash
 
In one case I heard on the radio, the person who was defrauded received a call from the scammers, purporting to be their bank (Revolut). They said they trusted the caller because they were able to list their last few transactions. They then went on to describe how they were scammed out of the money in their account. Not one person on the radio segment referred to the fraudsters knowing the transactions. To me it appears that the account was already compromised, and all the fraudsters needed to do was to scam the user into approving a fake transaction.
It appears to me that the only ways they could have known the transactions are:

(1) User's account was already compromised via phishing (or device hack)
(2) Family or friend had access to the account
(3) Fraud within Revolut
(4) Technical "hack" of Revolut

(IMO - listed in order of likelihood)
Without knowing the details it is very hard to say. But if they had access to their account already and were able to see transactions why would they even need to call the person to steal money from them. It is possible the scammers just guessed. Maybe they didn't mention values of transactions and just said they can see a transaction from Tesco and a transaction from Amazon. That won't fool everyone but with these scammers it is a numbers game. You ring a load of people and hit them with this type of thing and a few bite. It doesn't have to be incredibly plausible and foolproof.

I actually remember reading a few years ago that these scams usually are deliberately a bit dodgy sounding because they don't want to waste time on the person who is hard to scam. You make it sound a bit dodgy or not stand up to too much scrutiny and the people that are hard to scam will just hang up and the people who stay on the phone are the people that are more likely to fall for it.
 
So what is the most likely thing happening here?

1) People are clicking on some link and their phone is compromised.
2) They don't realise that their phone has been compromised.
3) The scammers are in control of the phone.
4) They find the credit card details on the phone (?)
5) They apply to add them to Apple Pay or Google Pay on their own phone.
6) Revolut sends a code to the compromised phone which the scammers have access to.
7) They complete the addition of the card to Apple Pay and then spend the money.
8) They do this during the night so that the victim is asleep and does not notice it.

In the morning they see that their Revolut account has been cleaned out.
They complain to Revolut but Revolut tells them that they authorised the addition of their phone to Apple Pay which their phone did.
It is probably the calls that say you have been charged for Amazon Prime on your Revolut account and ask is it authorised. Those people hang on the phone then get put through to what they are told is Revolut support. The scammers tell them they will block the card and refund the payment but they need some details first. Maybe even scare them a little bit and say there are transactions for hundreds or thousands coming through.

Then I imagine they give out their card details, scammer adds it to Apple Pay or Google Pay and gets the 6-digit code from the person which the scammers tell them they need to reverse the transactions.
How could I tell if my phone is compromised?

Why is it only Revolut which is being reported? Is it also happening to BoI and AIB customers? We would expect to hear from BoI and AIB customers to say "My account was cleared out while I slept but when I phoned AIB the next morning, they refunded me the money in full."
I imagine it is mainly Revolut being reported because they are targeted more and also they seem to say tough luck to most people getting scammed. It happens to other banks as well but those banks are more likely to suck it up and give the person their money back. You are less likely to go to the papers and the story is less likely to get published if the person got their money back.
 
It's almost impossible to say what's going on with these anecdotal reports of "hacks" without specific details or a forensic analysis of specific cases. Ultimately everybody is guessing about what might've happened with little or no hard evidence to go on. And, as such, most of the resulting discussion is pointless other than to reiterate the usual advice regarding how best to maintain online/phone/banking security/safety. For example...
 
Without knowing the details it is very hard to say. But if they had access to their account already and were able to see transactions why would they even need to call the person to steal money from them.
My assumption is that, in this case, the account was compromised, but not the phone/device. So, they could initiate a transaction, but needed the customer's unwitting cooperation to authorise any codes sent to their phone. Obviously this is just a guess on my part, but is definitely one way to successfully scam someone!
I was surprised that no one noted that they knew the transactions, or enquired any further into this (on the radio).
As others have said, some detailed investigation of actual cases is needed to discover the actual issues.
 
Keeping £40,000 in your Revolut account isn't a good idea.

Another bad idea is to try using it as your current account just because it's free. If you have trouble with payments in/out it can turn into a nightmare if you can't talk to someone or it takes a long time to get to do so.
 