Monzo account was hacked, need help.

born_again

JayKay70 said:

400ixl said:

JayKay70 said:

And to open up a second account with Revoult and everyday send money you need for that day from HSBC too Revoult and use Revoult as your daily spender.

That is the worst advise possible. Revolut are not a bank, they are also completely unethical, have a higher risk of just restricting access to your money for no reason and is the go to method for scammers to extract money.

If she is not that savvy, using Revolut is the worst thing to have her do.

It's only to be used for daily spending, around £10 too £15 a day to be put in there for bus fares and food etc etc.

I have had Revoult for many years now and never had a problem, tbh i think all banks are vulnerable, it's all down to the person being extra vigilant.

But i will take your advice and get her to open up a account with one of the major banks.

Which given 
She's 21 years old and recently moved to the UK to go to University

May not be that easy.

mikb

I asked her and she said she uses the same email and passwords for everything, i told her that is a very stupid thing to do.

In which case ... try putting her old email address (only, no need for the password!) into https://haveibeenpwned.com/ and see if that's ended up out there for criminals to harvest. If so, it's time for a wholesale change of email address, and passwords unique to different sites.

MobileSaver

JayKay70 said:

mikb said:

Not sure how they got into Vinted, what i do know is she used the same email address with Vinted & Monzo (silly thing to do i know).

Same email address, or same email address and same password? Same password counts as silly.

I asked her and she said she uses the same email and passwords for everything, i told her that is a very stupid thing to do. ...

now i just need to try and help her if possible get her money back as everyday she's upset/crying.

I suspect that using the same email and password for everything will be considered somewhat more than silly or stupid and that both the bank and the Financial Ombudsman will treat it as gross negligence by the customer.

Essentially your son's girlfriend has broken one of the cardinal rules and warnings of every bank out there by sharing her password with who knows how many other people/organisations. Most people would probably think it wrong in such circumstances for her to get the money back from the bank.

born_again

I don't know what's need to get in to Monzo app. But a banking app with just email & a password would be unusual.
Normally there is some form of biometrics involved.

m-holland

Am i not correct in saying that to setup a new payee in Monzo you will need to verify it with either the card PIN or biometrics?

Zinger549

born_again said:

I don't know what's need to get in to Monzo app. But a banking app with just email & a password would be unusual.
Normally there is some form of biometrics involved.

You can turn off biometrics in the app so it just opens without the need for fingerprint ect.

user1977

MobileSaver said:

JayKay70 said:

mikb said:

Not sure how they got into Vinted, what i do know is she used the same email address with Vinted & Monzo (silly thing to do i know).

Same email address, or same email address and same password? Same password counts as silly.

I asked her and she said she uses the same email and passwords for everything, i told her that is a very stupid thing to do. ...

now i just need to try and help her if possible get her money back as everyday she's upset/crying.

I suspect that using the same email and password for everything will be considered somewhat more than silly or stupid and that both the bank and the Financial Ombudsman will treat it as gross negligence by the customer.

Is there any case law to that effect? I know it's best practice to use different passwords for different logins, but it doesn't seem the same sort of negligence as actually advising a third party what your password is or e.g. writing it down somewhere.

MobileSaver

user1977 said:

MobileSaver said:

JayKay70 said:

mikb said:

Not sure how they got into Vinted, what i do know is she used the same email address with Vinted & Monzo (silly thing to do i know).

Same email address, or same email address and same password? Same password counts as silly.

I asked her and she said she uses the same email and passwords for everything, i told her that is a very stupid thing to do. ...

now i just need to try and help her if possible get her money back as everyday she's upset/crying.

I suspect that using the same email and password for everything will be considered somewhat more than silly or stupid and that both the bank and the Financial Ombudsman will treat it as gross negligence by the customer.

Is there any case law to that effect? I know it's best practice to use different passwords for different logins, but it doesn't seem the same sort of negligence as actually advising a third party what your password is or e.g. writing it down somewhere.

It's a standard term and condition of every bank I've an account with to use a unique password and not share your password with anyone so sharing the same password with every site you have an account with would surely fail that?

As ever, would the man on the Clapham omnibus consider using the same password for everything be a "conscious and voluntary disregard of the need to use reasonable care" (a typical definition of gross negligence)? Personally I don't think there's any doubt in this case but others may disagree.

user1977

MobileSaver said:

user1977 said:

MobileSaver said:

JayKay70 said:

mikb said:

Not sure how they got into Vinted, what i do know is she used the same email address with Vinted & Monzo (silly thing to do i know).

Same email address, or same email address and same password? Same password counts as silly.

I asked her and she said she uses the same email and passwords for everything, i told her that is a very stupid thing to do. ...

now i just need to try and help her if possible get her money back as everyday she's upset/crying.

I suspect that using the same email and password for everything will be considered somewhat more than silly or stupid and that both the bank and the Financial Ombudsman will treat it as gross negligence by the customer.

Is there any case law to that effect? I know it's best practice to use different passwords for different logins, but it doesn't seem the same sort of negligence as actually advising a third party what your password is or e.g. writing it down somewhere.

It's a standard term and condition of every bank I've an account with to use a unique password and not share your password with anyone so sharing the same password with every site you have an account with would surely fail that?

I think the man on the Clapham omnibus would interpret "sharing" your password to be actually telling someone "this is the password I use for my bank login". Given how common it is for people to use the same password, surely if banks thought that was a valid defence we'd have heard about it being used it by now?

I suppose the other question is how the bank would know what passwords you use elsewhere?

born_again

Zinger549 said:

born_again said:

I don't know what's need to get in to Monzo app. But a banking app with just email & a password would be unusual.
Normally there is some form of biometrics involved.

You can turn off biometrics in the app so it just opens without the need for fingerprint ect.

So what info is needed to login in then?