Fraud Alerts

Latest update: 16 January 2024

Unexpected texts or phone calls

Fraudsters are calling customers pretending to be from Bank of Ireland. They say that your account has been compromised and ask you for your card details, online banking details and activation codes. Don’t share them. Bank of Ireland will never call you and ask for your full card details, full 365online PIN or one-time activation codes sent to you in a text.

Remember to Stop, Think, Check

  • Be wary of any unexpected texts or phone calls claiming to be from Bank of Ireland, especially if they say there is a problem with your bank accounts.
  • Never share your full card details, your full 365 online PIN or any one-time authorisation codes that we’ve sent to you by text with anyone.
  • Remember, Bank of Ireland will never ask you to download any software so that we can take control of your computer or phone, or so we can move your money to a “safe” account.

Bank of Ireland customers who think they gave away their banking details should call our 24/7 freephone line on 1800 946 764 immediately.

Other Fraud Alerts

  • Purchase and delivery scams

    Purchase and delivery scams

    Fake “buyers” are contacting sellers on well-known and legitimate second-hand/resale websites saying they want to buy an item listed for sale. The “buyer” says that they can get well known couriers to pick up the item for them. The seller then receives a message with a link to a website that asks them to confirm the “delivery” and to enter their bank/card details so they can “receive payment” for the item straight onto their card or directly into their bank account.

    Stop, Think, Check.

    • Never share your full card details, your full 365 online PIN or any one-time authorisation codes that we’ve sent to you by text with anyone.
    • Swiping to approve a payment on your B365 app does not allow you to receive money, it sends the funds to the fraudster.
    • Remember that delivery companies, banks, utility providers and Government agencies will never send a text linking to a website that requests banking details.
  • 'Live Chat' remote access scam

    'Live Chat' remote access scam

    Fraudsters are currently calling business customers pretending to be from Bank of Ireland. What they’re trying to do is trick you into letting them access your device by pretending that you are connecting to a Live Chat service on a fake Bank of Ireland website.

    What happens?
    You may receive a phone call from someone claiming to be from Bank of Ireland.

    1. The caller asks you to log into your online banking as normal.
    2. The caller (fraudster) then asks you to go to another new website address, saying that this is: “for a live chat service” or “to verify the customer’s PC”, but in reality it allows the fraudster remote access to your PC. The fraudster can now see your screen and access all your files and programmes.
    3. The caller will set up payments on your online banking and ask you to read out the one-time codes from your BOI app to approve the payments.

    Remember to Stop, Think, Check

    1. If you get a call from someone who asks you to go to a website or to click on a link that they will send to you, just hang up.
    2. Never allow a caller to take remote access of your PC.
    3. If someone asks you for a one-time code from your online banking app, they are a fraudster. Never, ever share those codes with anyone, even if they say they are from Bank of Ireland.
    4. Be very careful when logging on to your online banking website. The safest thing is to type in the website address yourself or to log in through the main Bank of Ireland website at bankofireland.com
  • Rental Accomodation Scams

    Rental accommodation scams

    Rental accommodation scams trick people into paying rent for property that doesn’t exist or is not actually available to rent. These scams happen throughout the year, but an increase is often seen in September as students start college.

    In some cases, fraudsters will say they’re out of the country and unable to meet you, but will ask for money upfront or request a deposit to hold the property. There are even cases where fraudsters have hired properties to use for viewings to trick renters into handing over a deposit. They may even provide fake keys.

    Remember to Stop, Think, Check.

    How to avoid rental accommodation scams:

    • Use established letting agencies.
    • Be extra vigilant if the rental property is found online and not through an established letting agency.
    • Always meet the landlord in the accommodation to be rented.
    • Ask for identification from the landlord or letting agent such as a drivers licence.
    • Get a second opinion from a trusted family member or friend.
    • Ensure keys work before paying any deposit.
    • If it sounds too good to be true it probably is!

    If you think you have fallen victim to a rental accommodation scam, call our 24/7 freephone line on 1800 946 764 immediately.

  • Family Impersonation Text Scams

    Family Impersonation Text Scams

    Fraudsters are sending fake messages purporting to be from a member of the family with a lost or damaged phone who needs access to money.

    Cases of "Hi Mum/Dad..." text message scams follow a similar format each time, opening with "Hi Mum/Hi Dad, this is my temporary / new number..." followed by a request intended to look like it’s from a child asking for help to pay for something urgently. In some cases, the fraudster will ask for a payment to be made to a specific bank account or in other cases ask for a card number and then set it up on a digital wallet e.g. Apple Pay or Google Pay (and ask Mum/Dad for the code that the bank just sent).

    Remember to Stop, Think, Check.

    • If you receive a text message with an unusual request from a child or family member - do not respond to the SMS or click on any link that may follow;
    • Instead, verify the identity of the sender: call your family member using their usual phone number saved in your contacts, a number that you know;
    • If you get a suspicious text, please email a screenshot of the text to 365Security@boi.com and then delete the text; and
    • Bank of Ireland customers who think they gave away their banking details should call our 24/7 Freephone line 1800 946 764 immediately.
  • Motorway & Utility Text Scams Are On The Rise

    Motorway & Utility Text Scams Are On The Rise

    Scam texts claiming to be from motorway toll service or utility companies are circulating at the moment. The texts, which urge customers to pay outstanding charges or update account details, have links to fake websites that ask for your card or online banking details.

    Remember to Stop, Think, Check.

    • Do not click on links or respond to SMS text messages which appear as if sent by a motorway toll operator looking for payment for an unpaid toll; Remember that companies such as these, or banks, delivery companies, utility providers and Government agencies will never send a text linking to a website that requests online banking details;
    • eFlow has advised anyone who receives a text message regarding unpaid tolls to ignore the message and not to open any links. eFlow does not ask customers to open any links to confirm payment details;
    • Verify the identity of the sender. Call the company using their legitimate phone number (ensure you source it independently of any SMS);
    • If you get a suspicious text, please email a screenshot of the text to 365Security@boi.com and then delete the text; and
    • Bank of Ireland customers who think they gave away their banking details should call our 24/7Freephone line 1800 946 764 immediately.
  • Beware of Ransomware

    Beware of Ransomware

    What is ransomware?

    Ransomware is a type of malicious software (or malware) designed to block access to a computer system or device until the victim pays a sum of money (the ransom) to the attacker. Ransomware is one of the main security concerns for organisations globally, and email continues to be a very common method used by cyber criminals to deliver this attack.

    What you can do

    There are a number of steps you can take to help protect yourself and/or your business against a ransomware attack

    • DO NOT click links in suspicious emails or download unsolicited email attachments.
    • If you receive an email from a known sender, but with an unusual link or attachment, contact them first to confirm the legitimacy of the email.
    • If you receive a suspicious email in relation to your Bank of Ireland accounts, forward it as an attachment to 365security@boi.com immediately.
    • Be careful when accessing websites; do not click on advertisements as they could contain malicious software.
    • Ensure your anti-virus software is up to date.
    • Always run your computer or network on the most up to date version of the operating system.

    Protect yourself

    In addition to the general guidance above, you should take the following step to protect yourself:

    • Ensure your operating system (Windows, Mac OS) is set to automatically update (and apply patches) as early as possible.

    Protect your business

    In addition to the general guidance above, you should take the following steps to protect your business:

    • Apply security patches as soon as they become available.
    • Back up your data. You can’t be held to ransom if you hold your data somewhere else.
    • Review and restrict accesses to your technology on a needs basis.
    • Ensure you have a firewall enabled on your technology.

    If you are affected

    • If you think you have been the victim of a ransomware attack and your data or files have become infected, the general advice from law enforcement agencies is not to pay the ransom.
    • It is also advised that you disconnect infected computers from your business network immediately to stop the spread of infection to other computers in your network.
    • Contact your security service provider if you have one, or seek professional advice from a security service provider.

    Helpful Sites
    FraudSmart
    An Garda Síochana
    The Business Continuity Institute
    The Europol European Cyber Crime Centre (EC3) and partners website

  • Watch out for investment scams from fake or unregulated investment firms

    Watch out for investment scams from fake or unregulated investment firms

    Fake or unregulated companies can offer very convincing investments promising a quick profit or return. For example, they might be selling cryptocurrencies or offering bonds and share investment opportunities.

    However, if you invest with them you are unlikely to see your money ever again.

    You might find these bogus firms online when you are searching for investment opportunities or you might get a pop-up message on a website or through social media.

    Alternatively, you might read an online article where a celebrity appears to promote an investment or tells a story about how much they made from it – these articles are fake.

    Or you might get a cold call or an email from someone who claims to be from a legitimate investment company who puts pressure on you to take advantage of an urgent opportunity.

    These firms might appear to have legitimate websites and convincing products and might even have somewhere you can ‘log in’ to check your investment.

    But they are fake and are designed to separate you from your money.

    They might try to convince you to ‘start small’ and then show you how you can ‘make a larger profit’ to try to convince you to add to your investment.

    None of their figures are real and everything they do is calculated to put more pressure on you to invest more money with them.

    How to protect yourself from these scams

    Don’t respond to cold calls and don’t be rushed into investing your money.

    Be very suspicious of any offers that guarantee a return or a large profit.

    Make sure you do your research before making any investment.

    Always make sure that a firm that you’re thinking of investing with is a regulated firm. You can check the Central Bank of Ireland register (ROI) or the Financial Conduct Authority (UK) register at the links below. If a firm is not listed, do not invest with them.

    If you think you have been the victim of this type of fraud, please contact us as soon as possible.

    You can find more information and advice on how to protect yourself from fraud on the Security Zone section of the Bank of Ireland website.

    https://www.garda.ie/en/about-us/our-departments/office-of-corporate-communications/news-media/investment-scams_ie.pdf

  • Invoice Redirection Fraud - BPFI Issue Fraud Alert

    Invoice Redirection Fraud - BPFI Issue Fraud Alert

    Publication by:
    Banking and Payments Federation (BPFI)
    For the attention of:
    Irish Businesses
    Purpose of Advisory:
    To advise that a number of businesses in Ireland have recently fallen victim to a scam involving bogus emails being received that purport to be from an existing creditor. The email generally contains a letter as an attachment, the letter purports to notify the receiver of new (amended) bank account details to which all future payments are to be sent.
    Key Details:
    1. Irish businesses are increasingly experiencing attempted Invoice Re-direction fraud.
    2. This involves a creditor's beneficiary details being fraudulently altered.
    3. The business is misled into believing that a beneficiary's bank account details have been changed and so funds that are due to be paid out are transferred to a fraudulent account.
    4. Attempts such as this could be successful if the change of details request is not confirmed directly with the source supplier (Use a phone number from your files, not from the letterhead of the suspect letter).
    5. There are various other measures a business can take to safeguard itself against such fraud.
    6. For further details please see below.

     

    Background:
    There is a growing trend in Payment Fraud involving beneficiary details being fraudulently altered. This bogus invoice fraud usually involves genuine invoice details being intercepted by unknown means, the beneficiary account details are altered so that payment is redirected to an account under the fraudster's control. The fraud will usually be discovered some time afterwards when the legitimate company sending the invoice queries "non-payment".
    What Are the Tell Tale Signs?
    The email notifying the change of details may be in the name of someone that the receiver is used to dealing with, however the fraudsters will have created a bogus email account and the sender’s name which will carry a minor variation, see following examples:

    GenuineBogus

    james.ryanabcd@hotmail.com jamesryanabcd@hotmail.com
    liz.smythabcd@stantons.com liz.smythabcd@stantonz.com

    Fraudsters may then submit bogus invoices. These invoices (and any covering letters) may appear to be printed on company headed paper but are more likely scanned copies from an original document and printed onto paper using a domestic printer so the company logo may appear less sharp and slightly blurred.

    Action:
    Although not exhaustive, some examples of action you can take to protect yourself are:
    • Make a phone call to a known contact within the firm that appears to be requesting fundamental changes in banking details.
    • Always confirm change of bank account requests with the company making the change, being mindful not to use the contact details on the letter requesting the change.
    • Look out for different contact numbers and e-mail addresses for the company as these may differ from those recorded on previous correspondence.
    • Consider reviewing change of account details already acted upon where payment is due at a future date and confirming the authenticity of the request.
    • Consider setting up designated Single Points of Contact with companies to whom you make regular payments.
    • Instruct staff with responsibility for paying invoices to be cognisant of checking invoices for irregularities and checking out their concerns with the company requiring payment.
    • Consider setting up a system whereby when an invoice is paid you also send an email to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
    • Fraudsters may have found information regarding contracts and suppliers on the victim organisation's own web-sites. Consideration should be given as to whether it is necessary to publish information of this type in the public domain as it has been demonstrated that it can be used to facilitate fraud.
    • For payments over a certain threshold, consider organising a meeting with the company who are requesting payment, and satisfy yourself that payment will be sent to the correct bank account and recipient.

    This is a general notice issued by the Financial Crime and Security Department of the BPFI on Behalf of BPFI members.

  • Pension Liberation

    Pension Liberation

    Purpose of Memo:
    The Bank wishes to alert customers and members of the public to a scam that is currently active.
    Detail:
    Pension Liberation also known as ‘pension loans’ and ‘pension scam’ is a transfer of a scheme member’s pension savings to an arrangement that will allow them to access their funds before retirement age. But accessing pension savings before minimum pension age is only possible in rare cases, like terminal illness.

    Pension Liberation can result in tax charges and penalties of more than half the value of a member’s pension savings, and those being targeted are usually not being told about the potential tax implications. This is in addition to high charges, typically 20 to 30% for entering into one of these arrangements and high risk investments for the remaining pension savings.

    Warning signs:
    • Unsolicited contact
    • Transfer of funds overseas
    • Attempts to access pension before retirement age
    • Copy of documentation has not been provided to member
    • Member encouraged to carry out transfer quickly
    • Receiving scheme not registered/newly registered with relevant Revenue authority
    • Member informed there is a legal loophole
    Action:
      • Never give out financial or personal information to a cold caller;
      • Check the credentials of the company and any advisers – who should be registered with the appropriate regulatory authority, e.g. the Financial Conduct Authority in the UK, or the Irish Pensions Board in RoI;
      • Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then;
      • Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice;
      Never be rushed into agreeing to a pension transfer.

    For further information on Pension Liberation see:

    www.bankofireland.com.
  • Share Fraud

    Share Fraud

    Bank of Ireland reminds all shareholders to be vigilant to potential scams which are targeted at shareholders in Irish public companies.

    Information on scams
    So called “share fraud” scams are operated by fraudsters who contact shareholders unexpectedly and offer to buy their shares at prices higher than current market value. However, while they appear to offer high returns, those who invest usually end up losing their money.

    These individuals often use high pressure sales tactics and tell shareholders that they need to make a quick decision or miss out on a deal which will give them a large return on their investment. The offer to purchase shares will likely come with a request for money up front as a bond or other form of security, which will be accompanied by a guarantee to pay back the money involved if the sale does not go ahead. This advance fee is part of the scam – shareholders are unlikely to hear from them again.

    They will have accessed your name from publicly available shareholder lists. While cold calling is the most common form of contact, these people will also use email, post, face-to-face contact or will approach some shareholders at seminars.

    Always be extremely careful and vigilant before buying or selling shares, especially if the contact is unsolicited. Be wary before releasing funds in advance of any positive proof of the validity of any offer.

    Remember:
    • Keep in mind that firms authorised by the Central Bank of Ireland or the UK’s Financial Conduct Authority are very unlikely to contact you out of the blue with an offer to buy or to sell shares.
    • Always take a note of the name of the person and organisation that has contacted you and avoid getting into a conversation with them.
    • Beware of fraudsters claiming to be from a firm which is authorised – they may copy its website or letterhead. If you are in doubt, use publicly available contact details to make contact with the firm directly to ascertain whether the communication is genuine.
    • Check if the company or individual is on the list of authorised investment firms which is available from the Central Bank's website.
    • Obtain independent advice from a qualified advisor or stockbroker.
    • Do not provide bank details or arrange to transfer money if you are not absolutely sure of the identity and bona fides of the caller.
    • Remember that at any time when you are uncomfortable with a conversation continuing, you can just hang up.

    Report any unsolicited approaches in relation to your shares to the Company’s Registrar, Computershare Investor Services (Ireland) Limited at +353 (0) 1 2475414.

Disclaimer Note: The information contained in this Fraud Alert /Advisory is for general guidance and for information purposes only and is intended to enhance awareness and vigilance regarding this fraud.