Fake Revolut Device-Pairing Account Takeover Scam
Criminals contact Revolut users claiming a new device needs to be removed from the account for security, then walk them through steps that actually authorise the attacker's device — granting persistent access to the Revolut account without any further OTPs.
Part of: Account Takeover Scams
Last reviewed: 7 June 2026
Revolut's linked-devices feature allows users to see which phones and tablets have access to their account and remove any they do not recognise. Scammers have inverted this security feature: instead of the user removing an attacker's device, the attacker talks the user into authorising the attacker's device as a trusted one.
The scenario begins with a call from a person claiming to be from Revolut's security team. They say that an unrecognised device attempted to pair with the victim's account and that the victim must follow a few steps to block it. The 'steps' — presented as a security procedure — actually authorise the attacker's device by guiding the victim through a pairing confirmation flow that triggers a notification on the victim's own phone to approve.
Once the device is paired, the attacker has persistent access to the Revolut account without needing further OTPs. From that point they can monitor balances, initiate transfers, and change account settings without triggering additional authentication steps on the victim's device.
How this scam works on the Revolut brand
Revolut's legitimate device-management is accessed through Profile > Devices in the app. Revolut's security team communicates through the app's in-app chat and does not make proactive outbound calls. When a new device pairs with a Revolut account, the existing device receives a notification asking the account holder to confirm whether this was them — a legitimate security step.
The fraudster exploits this legitimate notification by initiating a device-pairing request for their own device and then immediately calling the victim to explain it as an 'attempted attack by a third party'. The victim, confused and alarmed, receives the pairing notification on their phone during the call. The attacker instructs them to 'approve the removal' — but the notification button actually approves the new device addition.
This attack works because pairing notifications are designed for user convenience and may not be worded in a way that is immediately clear to a non-technical user. The presence of an urgent phone call during the notification creates exactly the right conditions for a mistake.
Common red flags
- An unexpected call from 'Revolut security' about a suspicious device-pairing attempt
- A push notification arriving on your phone at exactly the moment the caller describes an 'attack'
- Being guided to approve or act on a notification while on a call with an unsolicited caller
- The caller asks you to navigate to Profile > Devices and perform specific actions
- The 'security agent' tells you to approve something to 'block' it — approvals authorise, they do not block
- After you follow the steps, the caller says everything is resolved but your Revolut shows a new linked device
- No corresponding security incident is visible in your Revolut in-app chat after the call
How to protect yourself
- Never perform account actions at the instruction of someone who called you — hang up first
- Check Profile > Devices in the Revolut app independently and remove any device you do not recognise
- Contact Revolut through in-app chat to verify whether any genuine device-pairing issue exists
- Understand that approving a device notification authorises access — never approve one you did not initiate
- Enable biometric authentication on your Revolut account for an extra layer of verification
- Review linked devices after any suspicious call to detect unauthorised additions
- Report any new device you did not add through the Revolut in-app chat immediately
How to report it
- Remove the unauthorised device through Profile > Devices in the Revolut app
- Report through in-app chat: Profile > Help > Chat with us
- In the UK, report to Action Fraud at actionfraud.police.uk
- File a complaint with the FTC (US) at reportfraud.ftc.gov
- If transfers were made from the compromised access, use the in-app dispute transaction feature
Frequently asked questions
What does a legitimate Revolut device-pairing notification look like?
When you set up Revolut on a new device yourself, the existing device receives a notification asking you to confirm the new device addition. This should only happen when you are actively setting up a new phone or reinstalling the app — not in response to an unexpected phone call.
How do I remove a device from my Revolut account?
Open the Revolut app, go to Profile, then Devices. You will see all currently paired devices. Tap any device you do not recognise and select 'Remove device'. Do this in the app — not through any instructions given by a phone caller.
If an attacker has a paired device, what can they do without my phone?
A paired device with a valid session can access Revolut fully — including checking balances, initiating transfers, and modifying settings. Remove any unrecognised device immediately and contact Revolut support to review recent activity.