Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payment initiation service provider (PISP), The Telegraph reported.
PISPs are a newer concept, introduced by the revised European Payment Services Directive (PSD2), and give retail customers the ability to pay companies directly from their bank account instead of using a debit or credit card.
“There is nothing new or different about a fraudster’s approach to these cases that are specific to using a PISP,” a Barclays spokesperson said, per the report. “It is the same type of social engineering to convince victims to share passcodes/Pinsentry codes as is done to defraud customers through traditional channels. We regularly warn customers to never give out their Pinsentry codes, passcodes or any passwords to prevent this type of fraud from happening.”
The cyberattack comes on the heels of an antitrust probe into Monzo by the Financial Conduct Authority (FCA). Monzo, a London challenger bank, is accused of being in violation of financial crime controls and anti-money laundering (AML) mandates.
Re: Barclays Hacked by Cyberthieves Using Monzo Account, PISP
That's both interesting and ugly, but I do find the article title a little misleading. From reading the content this doesn't read like Barclays itself was compromised, more like it's a case of Barclays account holders being victimized by being tricked via phishing attacks into disclosing their login credentials.
It's a painful reminder of why one needs to be suspicious whenever an unsolicited email is delivered that asks you to click on a hyperlink, even more so if it directs you to a splash page with a login.