AI Hyper-Personalised Phishing Targeting Revolut Users
AI tools craft personalised phishing emails referencing a Revolut user's real transaction history, travel spending, or subscription details to make fake 'account review' or 'unusual activity' alerts appear shockingly specific and credible.
Part of: AI Hyper-Personalised Phishing Scams
Last reviewed: 8 June 2026
Revolut's feature set — real-time spending notifications, multi-currency travel spending, and detailed transaction categories — means users interact with Revolut data frequently. When criminals apply AI to data harvested from social media, LinkedIn, and data breaches, they can construct phishing emails that reference a Revolut user's apparent lifestyle: a recent international trip, a subscription renewal, or a typical weekly spending pattern.
This specificity transforms a generic phishing attempt into something that feels personally targeted. A message that mentions the approximate amount of a recent Revolut transaction, the country the victim recently visited, or the category of spending they use Revolut for most will feel far more credible than a template phishing email.
The intent is the same as any Revolut phishing: harvest login credentials or obtain a 2FA code to take over the account.
How this scam works on the Revolut brand
Real Revolut communications come from @revolut.com addresses and link only to revolut.com for any required action. Revolut's genuine spending notifications appear in-app and via push notifications — they do not require you to click a link and re-enter credentials.
AI-personalised phishing against Revolut users might reference the user's home city, a recent salary or business payment, or a recurring subscription Revolut has categorised. A fraudulent email opens: 'Hi [Name], we detected an unusual payment attempt of [amount] from [city] — different from your usual spending pattern. Please verify your account within 24 hours to avoid a temporary lock.'
The link leads to a Revolut-branded credential-harvesting page. Some variants also replicate Revolut's card-freeze notification — claiming the victim's card has been temporarily frozen and verification is required to unfreeze it — exploiting the real Revolut feature to create believable context.
Common red flags
- An email referencing your spending habits, home city, or transaction amounts asks you to verify identity via a link
- The sender address is not exactly @revolut.com
- The link does not lead to revolut.com
- The specificity of the email feels surprising — consider that breach data and social media can explain the personalisation without legitimacy
- The Revolut app shows no account limitation or suspicious activity when you check directly
- The email claims your card is frozen but the card works normally when you try to use it
How to protect yourself
- Navigate to revolut.com directly to verify any claimed account alert — never via a link in an unexpected email
- Enable Revolut's push notifications so genuine alerts arrive in-app first
- Use an authenticator app for Revolut 2FA
- Treat unexpected email personalisation as a warning sign rather than a trust signal — attackers research victims
- Report suspicious emails to [email protected] before clicking anything
- Use a unique email address for Revolut to reduce phishing exposure
How to report it
- Forward the phishing email to [email protected]
- Report the phishing URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/
- File a report with Action Fraud at actionfraud.police.uk (UK) or reportfraud.ftc.gov (US)
- Report to IC3.gov (US)
- If account was accessed, contact Revolut in-app support immediately to freeze the account
Frequently asked questions
How would a phishing email know my Revolut spending patterns?
Patterns like international travel, subscription categories, and approximate salary deposits can often be inferred from public social-media activity, LinkedIn job history, and breach databases. Attackers do not need access to your real Revolut data to make a personalised guess that feels accurate.
Does Revolut's card-freeze notification come by email?
Revolut sends card-freeze notifications primarily through in-app push notifications. If an email claims your card is frozen, open the Revolut app directly to verify — do not click any link in the email.
What should I do if I clicked the link but did not enter my password?
If you clicked but did not enter any credentials, you are likely safe from credential harvesting. Change your Revolut password as a precaution, run a malware scan if the link prompted any download, and monitor your Revolut account for unexpected activity over the next few days.