Outreach and in-app notices about recent smishing attempts are complete—just as Cybersecurity Awareness Month comes to a close.

Fraudulent SMS messages are impersonating Pleo. Don’t enter passcode outside of app.pleo.io, mobile app or forward emails with links.

“Fraudulent SMS messages are impersonating Pleo. Pleo will never ask you to share your passcode. [Check details]”

“Fraudulent SMS messages are impersonating Pleo. Pleo will never ask you to share your passcode. [Check details]”

We are aware of fraudulent SMS messages impersonating Pleo, notifying recipients of declined transactions or login issues and instructing them to call a phone number or provide a reference number. These messages are not legitimate. Pleo will never ask customers to call a number or share sensitive information via SMS. As long as no action is taken (e.g., calling the number, clicking links, or sharing details), your account remains secure. If you have engaged with such messages and shared account information, please contact our support team immediately at support@pleo.io and freeze any affected Pleo cards, review your account for suspicious transactions, change your passcode and log out of all devices. Our teams continue to monitor and mitigate this phishing campaign. [DK advisory - updated 20th Oct] To improve security, we’ve retired the “Pleo” sender name in Denmark. All Pleo SMS including OTPs now come only from 54 54 67 44 (our registered long code, harder to spoof). If you receive any other sender or are asked to call/follow a link, don’t respond and ignore those messages.