Do you have Revolut? Be careful with this – if you click, you will lose money
Criminals mass-send e-mails that visually imitate the platform’s official communications. The screenshot provided by CERT Polska shows that fraudsters are trying to make the victim feel threatened by informing about “recent activity that may require attention”. In the content of the message, cybercriminals step by step instruct the user to log in to verify the correctness of the data and complete the verification process.
The sneaky email contains a prominent “Go to account” button, however a trained eye will easily spot an amateur mistake scammers. The default, unconfigured template text of “© 2025 Your Company” was left in the footer of the supposedly official message.
Clicking on the link attached to the message is a simple way to lose your funds. The link does not take you to the Revolut platform at all, but to a specially crafted websitewhich is only used to steal login credentials.
Data entered on the fake website goes through directly to cybercriminals. With a login, password and a captured authorization process, attackers are able to take over complete access to the victim’s accountwhich consequently leads to the quick theft of the money accumulated on it.
How to defend yourself and where to report threats?
Experts from CERT Polska urge caution and verify every message allegedly coming from financial institutions. Before taking any action you should absolutely check the senderand make sure where exactly does it lead? link provided in the e-mail. The safest option is to ignore the link in the message and simply launch the official Revolut mobile app – all authentic security messages will be visible directly there.
Any suspicious messages, fraud attempts or fake websites should be reported to CERT Polska. This can be done in two convenient ways: through a dedicated form on the website incident.cert.pl or in the mObywatel mobile application, using the built-in one “Safely online” service.
