I have received an email from Wise.com with the subject "Enrol in free dark web monitoring"<p>1. I don't understand what "dark web monitoring" means. It could mean monitoring for my data appearing on dark web, or monitoring my activity on dark web or many other things... It just sounds very dangerous and shady.
2. "Enrol" is spelled "enroll". Usually scammers write in poor English.<p>The linked help article is about the breach that was found and how they, due to this, are offering this service now.
The email also contains the deadline.
Altogether it just sounds like a phishing attack more than a legit email from Wise.com.<p>The email contained this link
<a href="https://bfs.cyberscout.com/activate" rel="nofollow">https://bfs.cyberscout.com/activate</a> (an unknown third-party) and an activation code for my account to use on that service.<p>Wise instructed me to use the activation code and submit my personal data to "enrol in free dark web monitoring".
This sounds like a terrible practice. Normally financial and other institutions tell you to never submit your personal data to third-party. Also email "from" field can be faked (more-less).
A better approach, in my opinion, would have been to ask customer to login into their Wise.com account and find the activation code there.
Am I overthinking this?<p>To me this seems like a security issue, because an unsuspecting inexperienced customer will consider it perfectly normal to have to add their data to third-party websites when (a hacker masquerading as) their financial institution asks them to.