19 November 2019

Phishing, SIM Swap scams, and how to avoid them ?

Written By Revolut in Cyber Security

Phishing, SIM Swap scams, and how to avoid them ?

Imitation may be the most sincere form of flattery, but criminals pretending to be Revolut staff in order to harvest your account details is unacceptable. Thankfully, our 6 million-strong Revolut community is quick to identify the fraudsters, and together we’re taking down more of them than ever, faster than ever.

This page gives you an overview of what we at Revolut have in place to help protect you from phishing scams, and other forms of manipulation and theft, as well as what you can do to protect yourself.

What is phishing?

Phishing, like most online scams, refers to an attempt by criminals to access your account through lies, deception, and manipulation. Most often, they pose as legitimate Revolut employees, and may try and trick you into thinking that they’re part of our support team. Some claim to work for a verified Revolut partner agency, and some, believe it or not, even pose as automated chatbots.

The goal of a phishing scam is to trick you into giving up your account details, including your password, pin, card number, and so on. Fraudsters will almost always approach you with an unsolicited message, saying that there’s a problem with your account. We will never do this.

Beware SIM Swap

One type of scam that we see a lot relates to scammers taking control of your phone number. This is known as SIM swapping, and here’s how it works. Fraudsters begin by gathering personal information about you. They might look through your mail, stalk your social media accounts, or even buy certain pieces of data from the dark web.

Once they have enough information, the fraudster will contact your mobile provider, posing as you. They’ll trick your provider into initiating a SIM card swap, which involves deactivating your current SIM card, and transferring your number to a new SIM card in their possession. The result? All calls and texts to you, are routed to the fraudster instead.

Recognising SIM Swap before it’s too late can be difficult. Extended periods without a phone signal, or not receiving calls or texts, could be a sign that something is wrong. In this instance, it’s a good idea to get in touch with your provider.

Some important steps to take

Since many financial institutions rely on collecting your phone number for second factor authentication, we recommend that you also take steps to prevent SIM swapping. Set up a strong PIN or passcode on your telecommunications provider’s website, one which must be requested before any attempt to port your phone number to a new device is made.

Secondly, pay special attention to email or SMS notifications from your telecommunications provider about unusual activity on  your account.

Thirdly, for extra security, we suggest that you call up your telecommunications provider and set up a “Do not port” or an equivalent lock on your account. This would mean that moving your phone number to a new device would require you to verify your identity, which would make it harder for scammers to port your number.

How to protect yourself

In the section below this one, we detail some of the things we have in place to help keep you safe — but you also have a role to play. Here are the most important things to remember.

  • Revolut staff —even those on in-app chat support— will never ask for your app PIN, card PIN, or any passwords. If someone claiming to be from Revolut asks for any of these, take a screenshot and report them via the in-app chat straight away
  • We will only communicate with you about the particulars of your account via our dedicated in-app chat support. If you email with any member of the Revolut team, this will happen first through chat support
  • Always use the most recent version of the app (download via Apple App Store or Google Play Store)
  • Revolut does not offer account support via social media, or through any partner agency. If you contact (or are contacted by) anyone claiming to be a Revolut agent outside of the app, it is a scam
  • ‘New device’ notification emails are a sign that there may have been unusual activity on your account. If you didn’t request a new password, or try and log in from another device, contact us via chat support right away

How we protect you

We have multiple teams at Revolut dedicated to keeping your account safe. Below are some of the things we’re doing —and which you can be a part of— to keep your account safe.

  • Fingerprint identification — Revolut gives you the option to log-into your account using your fingerprint. This is recommended to help keep your account safe in physical situations
  • Customisable features — You can choose to turn off certain features of your Revolut card to mitigate the risk of fraud. This includes disabling ecommerce payments, ATM withdrawals, contactless and swipe payments
  • Disposable virtual cards — In addition to physical cards, you can add disposable virtual cards to your account. These cards can be used once for online payments, before being destroyed and their numbers replaced. This makes it impossible for them to be used more than once
  • Sherlock anti-fraud system — We use this system to get real-time alerts of fraudulent activity, allowing us to act fast
  • 3D Secure (coming soon) — In the next few weeks we’ll introduce 3DS for all Revolut customers. With 3DS, when you make certain ecommerce payments (at the discretion of the merchant), you’ll receive a mobile notification from Revolut, asking you to log-into your account and verify that payment

No security system is 100% foolproof all of the time, which is why it’s important for everyone —that means you, and all of us at Revolut— to remain vigilant in order to keep ourselves safe.

Follow the tips on this page, and you stand a better chance of avoiding the scammers. In the meantime, make sure that you have the latest version of the Revolut app installed.

Up Next ...
18 November 2024

Quantoz Payments Issues Euro and US Dollar Stablecoins; Receives Backing from Major Crypto-Asset Firms

Quantoz Payments to receive investment from Fabric Ventures, Kraken and Tether

18 November 2024

AlpacaTech Introduces AI Data Cloud with MINKABU and Snowflake

The initiative reflects AlpacaTech’s mission to innovate financial solutions under the umbrella of SBI Holdings.

18 November 2024

Funding Challenges in FinTech: Insights from FinTech Connect

A FinTech Connect report highlights that while 72% of FinTechs actively seek investment, many encounter difficulties due to tightening funding environments and increased ...

15 November 2024

UK Fintech at the Core of Financial Services Strategy

This includes a digital market for private shares, a digital bond initiative, and enhanced anti-fraud measures across sectors

More in Cyber Security

SafeBase secures $33mn in Series B

02 May 2024

Revolutionising security reviews. In brief:SafeBase, a firm known for enabling friction-free security ...

Posted By The Community

Ransomware attacks: why businesses need a crisis management plan

02 April 2024

Ransomware attacks – in which hackers attempt to seize control of, and withhold access to, a target’...

Written By: Lockton

Clarity secures $16mn in seed funding

16 February 2024

In order to combat Deepfakes with AI cybersecurity.In brief:- Specialising ...

Klarytee Raises £700K Pre-Seed Funding

05 December 2023

Klarytee, a London, UK-based provider of a software platform that ...

White Papers Cyber Security

20 Best practice recommendations for improved cyber security protection

08 September 2021

P20 shared their new report on the 20 Best Practice Recommendations for Improved Cyber Security Prot...

Videos Cyber Security

COVID-19 - Anti-financial crime best practices

18 May 2021

How to Secure Online Bank UsersJoin experts from Tide, Fintrail and Jumio who will be sharing some i...

Articles Cyber Security

CyberSecurity in FinTech - How to Develop a Secure FinTech App

05 May 2021

Developing a secure FinTech application is a complicated, time-consuming, and, most importantly, exp...

Articles Cyber Security

Better by design? Re-thinking AML for a digital age

29 April 2021

We ask how the approach to AML can be improved: Can broader adoption of Artificial Intelligence and...

There are no Events in this category