“Adopt the Zero Trust Principle – Never Trust, Always Verify”

Bank of Ireland partners with leading international cyberpsychologist in the fight against fraud

  • Bank of Ireland research reveals that fraudsters are contributing to the stress of the nation with over 68% of those surveyed worried about being targeted by online fraudsters.
  • Increase in people receiving a fraudulent email, text or call – from 55% to 61%, 2020 to 2021.
  • Cybercrime expert Professor Mary Aiken advises: “We need to adopt the ‘Zero Trust’ principle – that is ‘never trust, always verify’ when it comes to online activity and protecting personal and financial information”.

In the wake of a significant spike in fraud targeting the Irish population, Bank of Ireland has partnered with leading international cyberpsychologist, Professor Mary Aiken, to understand what drives customers to click on links in text messages that they believe are from their bank.

The Bank has also conducted research (Red C, RED Line Omnibus, July 2021) which has revealed a sharp rise in the number of fraud attempts on the population in the last year and an increase in the numbers feeling under threat:

  • 61% have received a fraudulent email/SMS/call claiming to be from their bank;
  • 74% regularly consider the threat of fraud when they are online
  • ‘Smishing’ or fake texts are the most common form of targeting; 47% have received a fraudulent SMS claiming to be from their bank, up 10% on 2020.

Professor Aiken highlights that our behaviour can make us more vulnerable to online fraud – including online disinhibition, psychological vulnerability, and cognitive dissonance – and there are specific ways that consumers can address these risks:

  • Online dis inhibition: The concept of online disinhibition can play a major role in fraud. This means that people sometimes do things online that they wouldn’t do in real life, like revealing personal information and taking more risks. Cybercriminals also use profiling, targeting victims to harvest their data.
  • Advice to address this risk: “Think like a profiler” – this means, be conscious of your ‘digital exhaust’ which is the trace you leave online, and be wary of posting personal information on social media sites. It is also extremely important to consider what personal information could reveal about you to a fraudster, and how it might help them to target you.
  • Psychological vulnerability: We have all been subjected to an ‘infodemic’ over the past 18 months which can cause increased levels of anxiety. When people become anxious, it can raise their level of vulnerability. This can create a new ‘attack vector’ for cybercriminals who may, for example, place an urgent instruction in their communications regarding personal or financial information. When this form of attack happens against the background of – for example – a major ransomware event with associated threats to dump personal data, it can create a perfect storm of opportunity for cybercriminals.
  • Advice to address this risk: Be very wary of any message, from a bank or any supplier or company, which asks you to take urgent action. Stop, wait, and consider if this could be a fraudulent message. Adopt the ‘zero trust’ principle: never trust, always verify.
  • Cognitive dissonance – This describes the mental discomfort that results from holding two conflicting beliefs or attitudes. For example, we know we should be wary of public Wi-Fi as we do not know who set up the network, and we understand that malicious users could capture passwords or intercept what we are doing online. However, many of us – when we really want to connect – ignore the risk, and do it anyway.
  • Advice to address this risk: Think carefully before you click or connect. Don’t just hope or assume everything will be ok. That is the assumption fraudsters are hoping you will make.

Professor Mary Aiken commented: “Bank of Ireland’s research bears out what we are seeing on a global scale. A surge in cybercrime is being reported around the world, highlighted in recent reports from Europol , INTERPOL, and the FBI who reported a 300% increase in cybercrimes since the pandemic began.

“The Gardaí also reported an increase in online crime up 50% last year – with criminals moving away from traditional types of theft and robbery to attempting to defraud people online. It’s difficult: trust is a very human trait but in an age of technology we have to adapt. When it comes to personal information or financial transactions, the ‘zero trust’ principle must be front of mind – never trust, always verify.”

Edel McDermott, Head of Fraud, Bank of Ireland said: “Our customers’ financial wellbeing and peace of mind around the safety of their accounts is a top priority for Bank of Ireland. To help protect customers against fraud, we have issued a number of warnings in recent weeks about the alarming increase in ‘smishing’ (fraudulent text) attempts. Unfortunately, in spite of the warnings, people continue to click on links and disclose their personal information to fraudsters.

“We are working with Professor Aiken to help our customers understand how the fraudsters target our vulnerabilities as we live our lives increasingly online. The Bank’s message to our customers has not changed, and is simple: We will never text, send emails or call a customer looking for their confidential banking details. Do not click on links or disclose personal information including one-time passcodes or your full Banking 365 PIN. You can forward any suspicious emails or texts to us at 365Security@boi.com and if anyone is concerned that their account has been compromised, they should call our 24/7 freephone line 1800 946 764.”