07/03/2024
SCAM⚠️⚠️⚠️ ALERT TO ALL OUR⚠️⚠️⚠️
REVOLUT CUSTOMERS
Revolut account takeover fraud
These fraudsters pretended to be calling from the Revolut fraud team about suspicious activity and managed to pass a series of security checks to hack into their accounts.
Revolut investigated both cases and emailed each customer to confirm that it will not refund their losses, because its multi-factor authentication checks were completed in each case, including:
an email to their registered address asking them to confirm login on a new device (Revolut told both victims this was either clicked or shared with a third party).
an SMS to their registered phone number with a security code (Revolut said these were successfully entered).
a ‘selfie’ photo which allowed access to the account (Revolut said its records show the 'selfie' check was passed in both cases).
Following the successful authentication, Revolut said it completes 'transaction monitoring reviews for subsequent transactional activity'; yet once their apps had been breached, the scammers made multiple transactions per minute, draining both accounts with ease.
‘£180k was transferred out of our business account in an hour’
Tom (not his real name), age 29, told us he received two calls in quick succession from a private number and only decided to pick up because he was expecting a call from a contractor.
He told us: 'The caller says they are from the Revolut fraud protection team and explains that there have been suspicious transactions on my account. They think my account has been compromised. Initially, they ask quite a lot of questions, about anyone having access to the account. No one else did have access. Throughout the call they applied pressure and kept passing me to different "departments" in the company.'
While on the phone, Tom received an email from Revolut to confirm login from an unknown device. He was instructed to reply to this request with the words 'block request', then remove and reinstall the app. This triggered a security code sent by text, which he shared to reset his security details. In reality, this enabled the fraudster to pass one of Revolut's security checks, though it remains entirely unclear how they were also able to provide the 'selfie' photo that enabled them to take over the account.
Cleverly, the scammers set up various HSBC accounts that appeared to be named 'Revolut fees', 'Revolut fees care' and 'Etsy'. When they triggered security codes for these new payees (starting with small payments of around £20), Tom assumed they were legitimate and confirmed the checks.
Once unleashed, the criminals made 140 transactions in little more than an hour, including various card payments made in AED (a currency the account has never used). In total, they stole £180,000, but they weren't finished yet.
Next, they told Tom to visit a website called ‘revolutchatwithus.web.app’ to secure his laptop. This appeared to connect him to Revolut via a screen-sharing and remote access tool called AnyDesk, as you can see from the images below. His screen went blank giving the scammers the opportunity to get into his Wise account (as he was already logged into this account on his laptop) and move £82,000 to his Revolut account.
A notification from Wise appeared on his phone and broke the spell. He hung up, exited the AnyDesk sharing session and contacted Revolut about the fraud. Revolut only offers a chat feature to report fraud which meant Tom had an agonising wait for his account to be secured. He told us his card was frozen at one point but the fraudsters were able to unfreeze the card via the app and complete more transactions until every penny had been taken.
Only one Wise payment was recovered and Revolut cancelled around £15,000 worth of transactions, leaving Tom's total loss at £165,000.
