arrow-left arrow-right brightness-2 chevron-left chevron-right circle-half-full facebook-box facebook loader magnify menu-down rss-box star twitter-box twitter white-balance-sunny window-close
Suspicious activity...
2 min read

Suspicious activity...

This is the first in a number of posts that will outline one of the most avoidable frauds I have ever seen.  As you know I have seen a few.

This time a elderly and vulnerable customer has lost over £50,000 and despite numerous efforts to contact the bank (Monzo), they were unable to detect the fraud nor able to respond to a customers efforts to make contact.

The facts seem to be:

On the 15th July, the Monzo customer was initially contacted via SMS by a criminal gang posing as a member of the bank's fraud department and informing them that they would receive a call from the bank.  The customer was then contacted by a female criminal "Zara" who provided sufficeint information about the their account (numbers, amounts and saving account information) that no suspicion was raised.  She went on to inform the customer that there had been an attempted fraud on their account.  Zara said that someone would call back at 9 am the following morning.

When no call was recevied on the 16th, the customer emailed Monzo using their, explaining that Zara from the fraud department had explained the attempted fraud but had not received the promised call back.

At this point in the story, the criminals had managed to transfer £21k mainly using Monzo's internal peer-to-peer technology to a chap called Joshua Osei.  For clarity, Joshua was already a bank customer but was NOT know to the victim.  On the 15th & 16th the criminals initiated and a series of 8 transactions to the same person, to the value of £19,000, without raising any internal suspicion.  During this attack, the gang also managed to initiate a faster payment transaction for £1,999 to an Erika Ferreria (also not know to the victim).

By the end of the 16th of July, no more funds were in the current account and the gang had to make contact with the victim to transfer additional funds from their savings account.  Under the seeminly credible guise of the fraud department and with trust now established with the customer a request was made (by the customer) for fresh funds and the gang waited until the 23rd before re-establishing contact.

In the meantime, having heard nothing from the bank via email, the victim got in touch with Monzo via their mobile app to check the bonafides of the fraud department's Zara.  The full chat transcipt has been added to the bottom of this post for transparency and training purposes.  It seems that the bank was unable to establish meaningful contact with the customer nor take any measures to enhace the account's security.

The gang contacted the victim on the 23rd and over the course of 2 days (with the victim's help) they managed to set up 11 new payees (see below) and transfer over £30k to them without triggering any internal alarms.

The Lucky Prize Winners

  • Daniel Osinimega Bamidele
  • Alhadsan Kehder
  • Jack Khambay
  • Jared kallah
  • Jayden France
  • Alexander Meares
  • J I Marsh
  • Chuck Scotland
  • Nicola Mcghee
  • Andrew Patrick
  • Jake Mudd (Faster Payments)

The transcript below is the chat conversation that the customer had with Monzo:

Enjoying these posts? Subscribe for more

Subscribe now
Already have an account? Sign in
You've successfully subscribed to ten20four.
Success! Your account is fully activated, you now have access to all content.