Two Revolut business customers have faced significant financial losses after falling victim to sophisticated account takeover scams, utilizing tactics that bypassed the e-money firm's security measures, including its 'selfie' checks. The incidents, which occurred in early February, involved scammers impersonating the Revolut fraud team and manipulating the victims into granting access to their accounts. Despite Revolut's multi-factor authentication processes, the criminals managed to drain one account of £165,000 and another of over £40,000, sending the funds to various HSBC accounts under criminal control.

Advertisment

How the Scams Unfolded

The fraudsters initiated contact under the guise of the Revolut fraud protection team, citing suspicious activities on the victims' accounts. Through a combination of social engineering and technical manipulation, they convinced the victims to share security codes and install remote access software under the pretense of securing their accounts. In one case, over 140 transactions were made in just over an hour, transferring a total of £180,000 to criminal-controlled accounts before the victim realized the deception. Another victim was tricked into visiting a fraudulent website, leading to further unauthorized access and financial loss.

Revolut's Response and Customer Outrage

Advertisment

Revolut has informed the victims that they will not be reimbursed for their losses, stating that the authentication checks were completed successfully. The firm acknowledged an uptick in advanced account takeover attempts across the industry and expressed continuous efforts to enhance fraud controls. However, the lack of immediate action to freeze the accounts upon detecting unusual activity and the refusal to refund the victims have led to public outrage and criticism of Revolut's handling of the situation. Both victims have been advised to escalate their fraud complaints to the Financial Ombudsman Service.

Banks' Role in Fraud Prevention

Concerns have been raised regarding the ease with which criminals can open and use bank accounts for fraudulent purposes, with six of the accounts involved in these scams belonging to HSBC. Banks have a duty to detect and prevent money laundering and fraudulent activities, highlighting the importance of robust fraud detection and prevention mechanisms. HSBC has stated its commitment to identifying and acting upon suspicious transactions among the millions processed daily.

These incidents serve as a stark reminder of the sophisticated tactics employed by criminals in executing account takeover scams and the critical need for continuous improvements in fraud detection and prevention measures. They also underscore the importance of customer vigilance and the potential repercussions of sharing sensitive information or granting remote access to devices. As the industry strives to stay ahead of these threats, the experiences of these victims highlight the ongoing challenges in safeguarding against financial fraud.