Anatomy of a Revolut scam: Peter watched helplessly as thousands drained from his account

We have covered scams on this page on many occasions – most recently last week – but we have never come across a story in which the victim has been able to document what is going on in real time, alert their bank to the problem before anything serious happens and still have thousands of euro stolen from them.

Nor have we seen with such clarity just how sinister and smart scammers can be when they have identified their target, and the speed and ruthlessness with which they can empty a person’s bank account.

This story starts on the evening of Monday, November 7th last year when a reader who we shall identify as Peter was at home. His phone pinged and he read a message from Revolut seeking approval for a purchase with John Lewis in the UK for £775.

“I declined, as it was not me,” he writes.

Supermarket ‘yellow pack’ was once ridiculed. Now Irish consumers love own brand. Here’s why it makes sense

---

What is your experience of the deposit return scheme?

---

When is Ireland not in Ireland? Airbnb gives reader runaround over voucher

---

Deposit return scheme: ‘I spent 90 minutes trying to return bottles. This scheme is vile’

---

That might have been the end of it, only it wasn’t. Not by a long shot.

Peter then opened the Revolut app on his mobile to find a way to report the fraud attempt and he accessed the live chat function.

He sent us a transcript of that live chat as well as details of how he lost close to €4,000 in a matter of minutes.

[ Young woman’s bank account emptied because of an unfortunate coincidence ]

His first interaction with Revolut started at 18:57 on that November evening. That was when he posted a message to say there had been an attempt to make a purchase on his card.

He communicated with a chatbot who called herself Rita for two or three minutes and told her he had been notified of an unauthorised transaction being attempted on his account. He was then connected to a human being.

We have changed all the names of the Revolut staff too and for the sake of clarity – not to mention brevity – not included every single message in the exchange which ran over several days.

November 7th

18:59 ROGER: Hi! Peter, my name is Roger. I can only imagine how stressful this must have been for you! Don’t worry, I will do my best to help you here. Would you be so kind to provide more details on the transaction you’re referring to?

19:00 PETER: Someone has sought authentication for a payment to John Lewis. I declined it as it was not me.

19:04 ROGER: I’m sorry to hear about this. Just to clarify here it’s a card payment or a transfer of funds attempt? Is it a payment to a merchant or to another Revolut user?

19:05 PETER: It was authentication for a payment in sterling to UK retailer John Lewis for nearly £800.

19:07 ROGER: Please allow me some time to take a look in to this and I will get back to you.

19:09 ROGER: Would you be so kind to provide the last four digits of the card you’re referring to when this was attempted?

19:10 PETER: Do not know if it was my metal or virtual card, I just declined the approval as it was not me.

19:14 ROGER: Would you be so kind to share the authentication payment message you receive?

19:15 PETER: How do I do that, it came via the Revolut app?

19:16 ROGER: Is the authentication you receive from your email or notification only? Do you see any unrecognised transactions on your transaction list too?

19:17 PETER: Notification via the app. Did not see anything but will check now... All seems good for transfers.

19:21 ROGER: I see and this attempt was a payment to a merchant that is trying to charge your Revolut card right, not a transfer of funds attempt?

19:21 PETER: Correct.

19:22 ROGER: Just to verify, have you shared your card details to a family member or friend?

We’re going to interrupt the chat briefly as the story is moving in a different and more sinister direction. Shortly after this message, our reader received a call which he believed to be from Revolut. He can take over this part of the story.

“While waiting for further live chat, I received a call from a person with a UK accent who identified themselves and told me he was from Revolut and an earlier attempted fraud had been escalated to him for investigation,” Peter writes.

Given that this was exactly what had happened, he had no reason to be suspicious.

The caller told Peter that it was his physical card which had been compromised and he detailed Peter’s phone number and address to confirm it was in fact Peter he was talking to.

“He asked me to close live chat. I now know this must have been a guess based on his knowledge of how Revolut worked and he told me to open my Revolut dashboard and review all transactions to see if there were any I did not recognise.”

[ Revolut users fall victim to convincing scam text message ]

To check his transactions he had to exit the live chat function of the app and, in doing so, Peter missed several follow-up messages from Roger.

The caller on the phone then “went through a spiel asking me to scroll through various aspects of the app to ascertain various settings. A general conversation ensued during which he told me they would be investigating the matter, etc, etc, and during a conversation lasting circa 14 minutes he said he was freezing my cards and that a notification would appear on the top of my screen with a code which he would need as final authentication to do so.”

Just as the caller said that, a message appeared on his computer screen that looked like it was from Revolut with a code which Peter shared with the person he was talking to on the phone.

“He concluded by saying a new card would take three-five working days to arrive and he would be calling back later once the account was made safe, and the card unfrozen.”

The call ended. It was now 19:45.

What's in the new cost of living package? / Scams target Revolut users

Listen | 44:47

A minute later Peter’s phone rang again and it was the same caller on the line. Peter was told that Revolut “would have to close the account and open a new one which would require me to take a selfie for verification purposes. He then sought to confirm my balance, this was the first time an alarm bell rang as I thought he should have known this. Then he closed by saying he would call back once the new account was ready.”

Pete was a little bit suspicious.

“I again opened live chat and queried if the call I had purportedly [received] from Revolut was legitimate.”

So now we go back to the live chat transcript.

19:47 PETER: I have had someone call me from Revolut, this was legit?

19:51: ROGER: Just to clarify here you have requested a call from us through this chat or someone called you directly? Can you provide the phone number of the call you receive?

My balance is now not visible and I see I am being bombarded with payment attempts

—  Reader

19:55 PETER: I received a call, they had my details, [he puts phone number here] with UK accent. Said it was my metal card that was used, cancelled my virtual card also and said will call back in half an hour to verify my ID to reactivate virtual card.

19:59 ROGER: I see, have you provided them any information like your card details or account?

There are a few more over and backs between Roger and Peter before Roger says he has “escalated” the issue. It is worth bearing in mind at this point that Peter has been in contact with Revolut for more than an hour and no money has been taken from his bank account.

20:07 ROGER: Thanks for patiently waiting. Upon checking here this is not a legit call from our team. Please bear in mind that the only true and relevant source of communication with us is in our Revolut chat and if you receive any suspicious links or phone calls, please don’t provide any information about your account, before confirming it with us on chat.

While our reader is on to Roger, he gets another call from the number that had called him previously and Roger tells him to ignore it. He does as he is told.

20:15 PETER: My balance is now not visible and I see I am being bombarded with payment attempts [from Sainburys].

There are several more exchanges before an increasingly panicked Peter tells Roger that someone is trying to link his card to Apple Pay.

20:22 ROGER: “It looks like your case should be handled by a more specific team, so I need to move this chat to our Escalations team. They are currently struggling with an increased number of cases so it may take a while, but I can assure you that they are doing everything in their power to provide you with an answer as soon as possible. It was a pleasure talking to you today and thank you for your patience.”

Peter then says there are “a mass of payments to Sainsbury’s coming through”.

20:23 PETER: Help!!!!!!

20:24: MICHAEL: Hello there, my name is Michael and it will be my pleasure to assist you today! Allow me just a few minutes to get acquainted with your case. In the meanwhile, if you have any questions, please feel free to ask me.

20:26 PETER: “I see nearly €2,000 gone from my account to Sainsburys in the last 20 minutes.

20:26 MICHAEL: Thank you for waiting. Before we can proceed, could you please be so kind as to provide me with a selfie of yourself while holding a piece of paper with today’s date (7/11/2022), time (20:26) and the word ‘Revolut’ next to your face, in order to confirm your identity?

There follows an exchange about how to do this after which Peter is asked some security questions and about the model of phone he is using.

He also tells Michael that he was sent a “verification code” on the screen and says the criminals “knew I was in app chat and said it had been escalated. I see my account is cleaned out.”

There were more exchanges after which Peter was logged out of all devices and told to change his passcode.

It is now 21:04 or more than two hours after he first made contact with the company.

Many more exchanges follow during which an increasingly stressed Peter is looking for clarity as to what is going on.

22:07 MICHAEL: Dear Peter, unfortunately I am reaching the end of my shift now, but I will transfer your request to my colleagues, who will help you further with this matter. Thank you very much once again, it was a pleasure speaking with you today. I wish you a good day.

22:50 RODERICK: Hi there! My name is Roderick and I want to start by appreciating the time you spent waiting. I am here to assist you today, so please give me a moment to check everything and I will do my best to come back shortly with the reply.

A few more messages exchange between Peter and the appreciative Roderick but nothing concrete happens.

Early the next morning. The exchange starts again and over the next day or so Peter deals with five more agents.

The money stays stolen.

As a pensioner, it is a big loss made all the worse by Revolut’s proclamations of how good they are… and their lauded safety measures

—  Reader

Peter also sent us details of a similar incident which occurred in 2021. On that occasion the Revolut agent “froze my card within two minutes of my advising of what was happening and noted that had that been done on this occasion, he “would not have had £3,600 stolen”.

He notes that 19:55 and 20:02 on that first day there were 18 separate transactions each for £200 at a Sainsburys in Croydon. The payments were listed as groceries but police subsequently discovered that it was cash withdrawals from a store ATM.

“I reported the theft to the Garda, and the Metropolitan Police in the UK. The latter have reviewed the CCTV at the ATM location but were unable to identify the suspect. It has since been passed on to Action Fraud for further investigation. There is little prospect of my funds being recovered.

“My complaint is that Revolut did not act appropriately or in a timely manner and, as a consequence, I have had £3,600 stolen. I notified Revolut of an issue before the money was stolen, and there was more than sufficient time to act but Revolut failed to do so.”

[ Revolut moves into credit cards in Irish market ]

He says that dealing with Revolut has been “a nightmare” and they have “refused to divulge details of their investigation into the matter, whether standard operating procedures were followed or if fault was found with the customer service. As a pensioner, it is a big loss made all the worse by Revolut’s proclamations of how good they are… and their lauded safety measures.”

Now, we are no fraud experts but based on what Peter told us, it seems clear the criminals had a lot of details about him before the initial failed John Lewis transaction took place. So we asked him about that.

“They had my phone number and address, so I suggested to the police and Revolut that my data must have been lifted from an online purchase. The fact that it was the digital card details they had used reinforced my belief in this, as I only used this card online. They obviously had the card number and the CVV code, etc. I would have thought that if I was targeted this way, then others must have been too and it should have been a simple task to see if this was the case and what site was a common factor.

“But again no joy from Revolut, they will not even tell me how the card was used at Sainsburys because the Met thought it was to withdraw cash, but the Revolut statement said groceries. And they have refused me a charge back because they say it was not fraud. I have asked them to elaborate on this but again they have refused.

“The message I got with the authorisation code while I was engaged with the scammers which was supposedly to confirm my ID was in fact to link the card to Apple Pay (which I did not know at the time), and because I had the Revolut app open at the time, all that appeared on my phone screen was a notice that it was a message from Revolut and the code, so I fell for it. Revolut seemed interested in what phone I had at the time, a Samsung A20e as it happens. The whole affair has more questions than answers.”

[ Divorced homebuyers: ‘Gamechanging’ rule changes make it easier to buy a new home ]

We contacted Revolut and received the following statement.

“We take our responsibility to protect and support our customers extremely seriously and have made significant investments in our systems, processes and people to ensure that our customers are safe and supported. A Revolut customer waits on average fewer than three minutes to speak to one of our customer support agents. The experience of [Peter] fell below our usually high customer support standards. We apologise for the distress this episode caused him and we are reimbursing him in full.”

Criminals use sophisticated techniques to build trust; calls can often appear to come from a number recognised as Revolut, a credit card company, or bank

—  Revolut statement

The statement went on to highlight the issue of “suspicious delivery text messages or websites that don’t look legitimate – these are methods criminals use to steal your card details and personal information. Criminals are known to impersonate banks once they’ve stolen card details, and after gaining your trust they’ll try to pressure you to make a transfer or ask for your authorisation codes [like you’d use for Apple or Google Pay].”

The statement reminded people to “protect your card details. If you receive an SMS message from any person or business, be on guard, particularly if the message includes a link or telephone number and never share authorisation codes with anyone, ever, even if they claim to be from Revolut.

“Revolut will never call you about your personal account without first contacting you via our in-app chat. Criminals use sophisticated techniques to build trust; calls can often appear to come from a number recognised as Revolut, a credit card company, or bank. If you are a Revolut customer and think you may have been a victim of fraud, freeze your cards immediately in the Revolut app and contact Revolut for help via the in-app chat.”