Revolut Customers at Risk: Clues Lead to Russia
Fraudsters have once again targeted Revolut. Security specialists from CERT Orange Polska have observed increased activity from online criminals attacking from Russian hosting.
Revolut is already in Poland over 3.5 million customersso it is not surprising that this group constitutes the object of interest of fraudsters. CERT Orange Polska reported about new wave of attacks carried out via text messages. Orange network customers started receiving messages from senders pretending to be from this popular fintech. It is highly probable that similar attacks customers of other operators are at risk.
The clues lead to Russia
CERT Orange Polska warns that the sender of the message is “Revolut”which may seem more credible to many recipients. Other financial institutions mostly already have proprietary SMS overrides, so it is harder for criminals to impersonate.
The content includes a fairly typical pattern in such attacks. the threat of not verifying your email address or identity and therefore – account locks. The message ends with a link in a domain containing the word “Revolut,” so less attentive recipients could fall for it.
Criminals are taking advantage of several domains pretending to be fintechincluding revolut-verify-pl(.)com, revolut-verify-pl(.)net or accounts-revolut-email-pl(.)com. CERT Orange Polska analysis indicates that the attack was launched from the territory of Russia.
All the websites we monitor can be found under IP 91.202.233(.)36, in the well-known Russian hosting AS200593 (Prospero OOO). There are, apart from the above, also domains such as revolut-selfie-pl(.)com or revo-test(.)top
– reports CERT Orange Polska.
Revolut customers who fall for this can lose login and password to the financial service, along with unlocking it with a selfie.
If, in addition, you have a payment instrument connected that does not require additional authorization when topping up Revolut, the consequences can be very painful
– summarizes CERT Orange Polska.
A few days ago, specialists from Orange warned about a similar attack aimed at bank customers Alior Bank, BNP Paribas, Santander Bank Polska or Pekao. Holders of accounts in other financial institutions should also be careful.
