We are aware that some of our clients may be receiving fraudulent SMS’s, seemingly coming from Moneybase, that encourages them to open a web link that leads to a website that may look similar to the official Moneybase site.
The fradulent SMS leads to a link that asks a user to enter their mobile number, their passcode as well as the one-time password sent via SMS into the fictious website. If a customer falls for this trick, and enters all of this information, the hacker would then attempt to use the same credentials to login to the real Moneybase platform.
This is what is called a phishing attempt, a global phenomenon affecting that target online platforms worldwide and that has been especially prevalent during the holiday period globally. It is very important to protect oneself against phishing in general, this applies to for all websites and platforms and the key is educating oneself.
Whilst we are always monitoring closely and there is no cause for concern, it is very important to educate users since this type of scam can only work if the user mistakenly enters all their credentials several times into a fraudulent website that is pretending to be moneybase. Even if this happens we are able to identify such events.
Never the less it is very important to adhere to some easy-to-understand tips to explain how you can easily avoid falling a victim and protect yourself. This is easy provided you follow a few simple rules.
-
The first and most important rule is easy, simply do not to click on any SMS links. We will never send any SMS with weblinks and you should never reply to such an SMS.
-
Do not input any login details into a website that you accessed from a link in an SMS. These may be used in an attempt to maliciously to take over your account be it a Moneybase account another other financial services provider’s account.
-
Be vigilant and do not act impulsively. This may sound simple, however in today’s fast paced world, people tend to click on SMS or emails they receive impulsively without verifying it is genuine. Delete any suspicious SMS’s or emails and report them to us or to your respective provider.
-
If you received a fraudulent SMS and accidentally clicked on the link and also entered any information, do not panic, however call us immediately on +356 25 688 688. We are here to help you 7 days a week!
-
Look out for spelling and grammatical mistakes. These can be in the sender’s name, in the text or in the link provided within the message. Check your browser. The only web link you should access is https://www.moneybase.com or https://live.moneybase.com , make sure that the website is exactly a moneybase.com URL, or you are using our official iOS or Android apps called “Moneybase” or “Moneybase Invest” on a secure device that you trust. Check the spelling properly of emails and web pages. Fraudsters will try to use variations in spelling of domains to try to trick users.
-
If you receive an email, always check that the email address matches exactly what is expected. In Moneybase’s case we only send emails from exactly support@moneybase.com.
-
Never share your Moneybase One Time Passcode (OTP) that’s sent via SMS or generated by an Authenticator app. OTPs are used as a security mechanism to confirm your action, be it to login or otherwise. We will never ask you to share the OTP with anyone, including our employees.
-
If in doubt, there is no harm in calling us to verify! We are here to help.
-
Under no circumstances will Moneybase ever ask you to divulge any of your security details such as passcode or card PIN or security codes over the phone, by text message or via email. If someone claiming to be from Moneybase asks for any of these, take a screenshot and report them via the in-app chat straight away.
- We send ‘New device’ notification emails for each new device you use, if this was not you, it is a sign that there may have been unusual activity on your account. If you didn’t login using a new device, contact us via chat support or call us right away
Fraudsters try to use similar looking links such as this FRAUDULENT URL –> www.moneybasemb.com. As you can see the extra “mb” at the end makes this NOT an official domain.
How we protect you – Keeping you safe
At Moneybase, we go to great lengths to keep your account safe. We have several systems and monitoring teams that work round the clock to effectively prevent or block any abuse and fraud. Here are some of the measures we have in place to help keep you safe.
Customisable security features – You can choose to keep certain features of your Moneybase card switched off until you need them, to mitigate the risk of fraud. This includes disabling swipe, online payments and contactless. You may also disable ATM withdrawals.
Facial recognition – With Moneybase mobile app, you have the option to log into your account using Apple Face ID and face authentication on Android. This is recommended to help keep your account safe and secure.
Disposable virtual cards – In addition to physical cards, you can add virtual cards to your account and delete it after every use. These cards can be used just once for online payments, you can then delete it and generate a new card, this makes it impossible for a card to be used more than once.
Anti-fraud systems – We use real-time monitoring and alerts to stop any fraudulent activity, allowing us to act fast even if your account was compromised.
3D Secure2.2 – With 3DS, when you make ecommerce payments you will receive a mobile push notification that will allow you to approve or reject a payment will only be approved once you click on it in app.
Alerts – We send you New device login alerts, new bank transfer alerts, new card transaction alerts via push notification and email. We only allow one device per user.
PCI Certified – Our environment is PCI certified and fully encrypted,
However it remains important for users to always remain vigilant in order to keep safe, always use common sense.
More about phishing
Phishing is an online scam where criminals deceive you to obtain your account details including your password, pin or card number by sending you fake messages and hoping you give them information they can use to access your accounts.
Fraudsters will almost always approach you with an unsolicited message via SMS or email, saying that there’s a problem with your account. We will never do this.
SMS Text fraud
This happens when fraudsters send SMS messages that appear as if they are from your bank, a well-known company or a government agency. The aim of these messages is to make people give private information such as bank / card / account details, passwords and any other personal information such as mobile number. These text messages may not always be from unknown numbers. Some scammers use technology to make their messages look as though they are from someone, or a company known to you and which may already be on your contact list.
Messages indicating urgency are usually scams. These messages will try to create a sense of panic and fear so that you are more easily tricked into giving out personal or security details such as your passcode or one time passcode. They will typically ask you to take immediate and urgent action such as click on this link or call this number. They may call you after sending you a SMS text. They will use language that scares to take action. Here are some examples of typical scams and what a fraudulent SMS text can contain:
“You are probably aware that we have placed on hold your debit card, to remove this hold visit here.”
“Reactivate your account”
“Please update your account again.”
“A recent change requires your confirmation”
“Suspicious activity was noted on your account”
“Your account will be suspended if you do not take action”
“A transaction of a large amount of money took place”
“The security team needs to speak to you urgently”
“Your account was accessed”
“Your account is at risk“
“An unauthorised device was used to login into your account”
“Your account has been locked – follow these steps to unlock your account and reset your password“
Other types of fraudulent SMS examples
Attempted Payment: A payment was attempted from a new device or an unusual location. If this was not done by you, you are asked to login to a fraudulent website.
Attempted Sign-In: Account sign-in was attempted from a new device. If this was not done by you, you are asked to login to a fraudulent website.
Change in procedure: We are changing the way transactions are verified and you are asked to confirm your mobile number via a fraudulent website.
Blocked Account: Your account has been blocked / suspended or is about to be blocked / suspended due to suspicious activity. You are asked to verify your information through a fraudulent website.
Package Delivery: You have a package for delivery and you are asked to confirm payment by following a fraudulent link.
They can pretend to be a Courier, Water or Energy Provider, Government Entity or even a Moneybase employee to trick you into revealing your password, PIN, card number, etc.
Another common trick is for hackers to pose as legitimate company employees, and may try and trick you into thinking that they’re part of our support team. Some may claim to work for a verified partner agency, or even pose as automated chatbots.
Telephone Fraud
Telephone fraud are phone calls from fraudsters who pretend to be from your bank and urge you to give out your personal details, such as your client code, mobile number, card PIN number, Passcode and passwords. They can also ask you to move money from your bank account to another.
Some of these phone scams will seem genuine because they may use your name to address you or some other real information. They will also seem urgent such as they will tell you that your account or card is being blocked, so that you don’t have time to think and you give up the requested information.
These phone calls may not always be from unknown numbers. Some scammers use technology to make their calls look as though they are from your bank or from someone or a company known to you and which may already be on your contact list.
If you receive such a phone call, do not give any information but terminate the call.
Is the message or phone call relevant or expected? If not, ignore the message and delete it. Terminate the phone call immediately.
We may contact you for feedback about your experience with us, but when we do, we will never ask you for your account or card information.
Received a text or any suspicious communication?
If you receive a text or any other suspicious communication pretending to be from Moneybase, please tell us about it. If you believe your card has been used fraudulently, please contact us to fill out our chargeback form so we can help with the issue. If you notice an unrecognised transaction on your account, block your card immediately or call us . To block your card, Tap the card icon at the bottom menu in the app’ → find your card and select ‘Freeze’ and then “Block”.