MONI is a fintech offering rapid, low-cost money transfers to over 150 countries. Like all financial services companies, it operates in a threat environment where phishing is the rule, not the exception. When Jonathan Brossard, CTO of MONI, approached Arsen, his position was honest: "I don't think we're at risk; we have a very technical and knowledgeable team on the subject. But I would like to be certain." That's exactly what a phishing simulation is for.
Key Takeaways
- A highly technical team is not immune. Realistic simulations reveal blind spots that self-assessment cannot.
- Speed of detection and reporting matters as much as not falling for the attack in the first place.
- Employees who report their own mistakes are an asset, not a liability, and that culture starts at the top.
- A phishing test is most valuable when it leads to process improvement, not just a score.
A Simulation Built for Realism, Not Easy Wins
Arsen designed a campaign tailored specifically to MONI's environment. The attack scenario used a fake login portal built in MONI's visual identity, prompting employees to enter their credentials. Jonathan actively contributed to making the conditions harder, sharing information about internal topics discussed within the team and providing branding details to improve the visual accuracy of the credential-harvesting page.
Rather than trying to minimize our chances and reduce the difficulty of the attack, Jonathan allowed us to make the campaign conditions more challenging.
This approach is telling. By choosing rigor over optics, MONI set the conditions for a genuinely useful test, one that would reflect what a real attacker might actually send.
What Happened When the Emails Landed
The campaign was launched at 6:30 PM, a deliberate choice. At the end of the workday, attention naturally drops and colleagues are harder to reach for a quick second opinion. Once sent, things moved fast. Several team members opened the email first on mobile, drawn in by a notification, then switched to their computer for a closer look. In one case, that transition happened quickly enough that a team member entered their credentials before fully scrutinizing the message.
This is how MONI discovered that one team member did not have all the correct reflexes and could temporarily be compromised.
It's a reminder that even in security-conscious teams, a well-crafted attack at the right moment can find its mark.
The Response: Fast, Transparent, Collective
What set MONI apart was not that everyone resisted the attack; it was how the team responded when they didn't. The phishing attempt was flagged quickly and through multiple channels. Employees sent alerts on Slack and by email, warning colleagues who hadn't yet received the message. Critically, the one person who fell for the attack reported their mistake immediately, enabling a rapid response before any lateral damage could occur.
Not reporting being caught is a problem: on average, it takes financial companies 3 months to detect a data breach.
At MONI, that window was effectively closed in minutes. This kind of transparency reflects a security culture where employees trust that honesty is valued over blame, a culture that takes years to build and cannot be purchased off the shelf.
Turning Results Into Process
Passing a phishing simulation is one thing. Using the results to get better is another. Rather than treating the test as a closed chapter, MONI used the experience to formalize its incident reporting process, defining exactly who to contact, how, and what to do if the alert isn't relayed. Standardizing this flow means that the next time a phishing email lands, the team doesn't have to improvise.
Instead of being satisfied with the good results achieved, MONI took advantage of this experience to improve its reporting process.
That continuous improvement mindset is what separates teams that perform well once from teams that perform well consistently.
Summary
| Dimension | Result |
|---|---|
| Attack scenario | Fake MONI login portal, credential harvesting |
| Launch timing | 6:30 PM — low vigilance window |
| Detection speed | Fast — reported across multiple channels |
| Employees caught | 1 |
| Reporting of mistake | Immediate — enabling rapid containment |
| Post-test action | Formalized incident reporting procedure |
| Overall assessment | Strong security culture; top-tier response behavior |
About MONI
MONI (previously Monisnap) is a France-based fintech founded in 2017 by former Google and Groupon employees. The platform enables diaspora communities to send money to loved ones in more than 150 countries, with services covering cash transfers, mobile wallet top-ups, airtime recharges, and prepaid card recharges. MONI is authorized to operate as an agent of Ria Payment Institution and is backed by Serena Capital and Truffle Capital. In 2021, the company raised a €10M Series A round. Its platform is also available through strategic B2B partnerships via a remittance-as-a-service model, with clients including Nickel and Bnext.