Phishing, SIM Swap scams, and how to avoid them 🐟

Imitation may be the most sincere form of flattery, but criminals pretending to be Revolut staff in order to harvest your account details is unacceptable. Thankfully, our 6 million-strong Revolut community is quick to identify the fraudsters, and together we’re taking down more of them than ever, faster than ever.

This page gives you an overview of what we at Revolut have in place to help protect you from phishing scams, and other forms of manipulation and theft, as well as what you can do to protect yourself.

What is phishing?

Phishing, like most online scams, refers to an attempt by criminals to access your account through lies, deception, and manipulation. Most often, they pose as legitimate Revolut employees, and may try and trick you into thinking that they’re part of our support team. Some claim to work for a verified Revolut partner agency, and some, believe it or not, even pose as automated chatbots.

The goal of a phishing scam is to trick you into giving up your account details, including your password, pin, card number, and so on. Fraudsters will almost always approach you with an unsolicited message, saying that there’s a problem with your account. We will never do this.

Beware SIM Swap

One type of scam that we see a lot relates to scammers taking control of your phone number. This is known as SIM swapping, and here’s how it works. Fraudsters begin by gathering personal information about you. They might look through your mail, stalk your social media accounts, or even buy certain pieces of data from the dark web.

Once they have enough information, the fraudster will contact your mobile provider, posing as you. They’ll trick your provider into initiating a SIM card swap, which involves deactivating your current SIM card, and transferring your number to a new SIM card in their possession. The result? All calls and texts to you, are routed to the fraudster instead.

Recognising SIM Swap before it’s too late can be difficult. Extended periods without a phone signal, or not receiving calls or texts, could be a sign that something is wrong. In this instance, it’s a good idea to get in touch with your provider.

Some important steps to take

Since many financial institutions rely on collecting your phone number for second factor authentication, we recommend that you also take steps to prevent SIM swapping. Set up a strong PIN or passcode on your telecommunications provider’s website, one which must be requested before any attempt to port your phone number to a new device is made.

Secondly, pay special attention to email or SMS notifications from your telecommunications provider about unusual activity on  your account.

Thirdly, for extra security, we suggest that you call up your telecommunications provider and set up a “Do not port” or an equivalent lock on your account. This would mean that moving your phone number to a new device would require you to verify your identity, which would make it harder for scammers to port your number.

How to protect yourself

In the section below this one, we detail some of the things we have in place to help keep you safe — but you also have a role to play. Here are the most important things to remember.

• Revolut staff —even those on in-app chat support— will never ask for your app PIN, card PIN, or any passwords. If someone claiming to be from Revolut asks for any of these, take a screenshot and report them via the in-app chat straight away
• We will only communicate with you about the particulars of your account via our dedicated in-app chat support. If you email with any member of the Revolut team, this will happen first through chat support
• Always use the most recent version of the app (download via Apple App Store or Google Play Store)
• Revolut does not offer account support via social media, or through any partner agency. If you contact (or are contacted by) anyone claiming to be a Revolut agent outside of the app, it is a scam
• ‘New device’ notification emails are a sign that there may have been unusual activity on your account. If you didn’t request a new password, or try and log in from another device, contact us via chat support right away

How we protect you

We have multiple teams at Revolut dedicated to keeping your account safe. Below are some of the things we’re doing —and which you can be a part of— to keep your account safe.

• Facial recognition — Revolut gives you the option to log into your account using Apple Face ID and face authentication on Android. This is recommended to help keep your account safe and secure
• Customisable features — You can choose to turn off certain features of your Revolut card to mitigate the risk of fraud. This includes disabling ecommerce payments, ATM withdrawals, contactless and swipe payments
• Disposable virtual cards — In addition to physical cards, you can add disposable virtual cards to your account. These cards can be used once for online payments, before being destroyed and their numbers replaced. This makes it impossible for them to be used more than once
• Sherlock anti-fraud system — We use this system to get real-time alerts of fraudulent activity, allowing us to act fast
• 3D Secure (coming soon) — In the next few weeks we’ll introduce 3DS for all Revolut customers. With 3DS, when you make certain ecommerce payments (at the discretion of the merchant), you’ll receive a mobile notification from Revolut, asking you to log-into your account and verify that payment

No security system is 100% foolproof all of the time, which is why it’s important for everyone —that means you, and all of us at Revolut— to remain vigilant in order to keep ourselves safe.

Follow the tips on this page, and you stand a better chance of avoiding the scammers. In the meantime, make sure that you have the latest version of the Revolut app installed.