In May, monobank clients lost half as much money to fraudsters as they did in April. The bank's co-founder Oleg Gorokhovskiy named the main reason: people finally learned a simple rule — mono does not call. This is not marketing, this is a measurable effect. But this is where the next chapter begins.
How one rule changed the statistics
A phone call from a "bank employee" — still the most common tool of so-called "office scammers." The scheme is simple: a person gets scared, trusts the voice on the phone, and transfers money themselves or reveals their data. When a critical mass of clients stopped answering such calls, the effectiveness of attacks dropped sharply.
But fraudsters' adaptation was not long in coming.
Two new vectors that are already working
The first — IVR calls. Instead of a real person, a robot calls: "Your application has been accessed from an unknown device. If it wasn't you — press 1". After pressing, the client gets connected to a real scammer who offers to transfer funds to a "backup account" or urgently take out a loan to "save" the money. As Gorokhovskiy noted on Telegram, the rule remains the same: you cannot press any digit — 1, 2, 3, 4 — in response to such a call.
The second vector — fake job listings. Social networks have been flooded with advertisements for monobank hotline operator positions with salaries starting from 40,000 UAH. "Do you want to work at mono? Install the app and complete a quest to be hired," — this is what a typical trap looks like.
"Once they get access to the victim's phone, they don't necessarily steal money from mono — they can break into other banks or do other things."
Oleg Gorokhovskiy, co-founder of monobank
There is an important detail here that is easy to miss: monobank is indeed protected against control interception — the bank acknowledges this openly. But fraudsters don't care. Once they gain access to the smartphone, they can log into Privat24, other apps, social networks, or simply take screenshots of documents.
What this means in practice
- Any IVR call "from the bank" — is fraud. Monobank does not initiate calls to clients.
- Any job listing with a condition to install an app — is fraud, regardless of what brand it's disguised under.
- Protection of one app does not protect the phone — compromising the device gives access to everything.
monobank announced an intensification of its information campaign specifically around the scheme with third-party applications — apparently, it has not yet reached the level of awareness that once broke the statistics on calls.
If the trend repeats — and the new rule is learned so widely — will fraudsters manage to find a third vector before the bank closes the second one?
