Consumers warned about combined fake text and phone call fraud tactic

40% increase in social engineering scams in two weeks
Fraudulent SMS followed by voice call being used to gain access to accounts
Customers asked to swipe ‘fake notification’ on their banking app
Funds being moved to money-mule accounts and spent on high value items

Bank of Ireland is warning customers about a tactic now being used by fraudsters to dupe people into handing over their bank details. Fraudsters are doubling down on their efforts to access customers’ accounts by first contacting them by text and following up with phone calls to convince them to hand over their details. Once they gain access to the accounts, funds are then being transferred by fraudsters into money-mule accounts or spent immediately on expensive items including electrical goods.

During the last two weeks, the number of combined fraudulent text message and phone call cases detected by Bank of Ireland’s Fraud Prevention Team has increased by c. 40% when compared to the previous month.

What to look out for:

Bank of Ireland-branded texts saying to expect a call from Bank of Ireland. If the customer takes the call, the fraudster will try to convince them to reveal their card details, and then tell them that they need to swipe a ‘fake notification’ on their app to complete an update process. This ‘fake notification’ is, in fact, a real transaction being carried out by the fraudster.
Bank of Ireland-branded texts giving a fake phone number to call. If a customer calls, they are duped into giving card details and again, sometimes asked to swipe a ‘fake notification’ which is, in fact, a real transaction.
An Post or HSE branded fake texts that then lead to ‘phishing’ websites. These websites are used to collect credit or debit card numbers and customer account login details. In some cases, where a customer gives a phone number but not full login information, there will be a follow-up phone call from the fraudsters to obtain details and gain access to their account.

Edel McDermott, Head of Fraud, Bank of Ireland: “Fraudsters are becoming increasingly persistent in their attempts to steal people’s money. Fraudulent text messages are now being followed up by phone calls from fraudsters to convince people to hand over their details.

“Be vigilant if you receive a phone call from someone claiming to be from your bank, credit card company or another company you may trust – even if you get a text first that tells you to expect the call. No matter what story you are told, do not give away your card, account, or banking details. End the call immediately and do not call the number back if you are suspicious.

“And remember, do not click on links or call any numbers you receive in a text message. You can call your bank using the number on the back of your card or a listed phone number”.

Bank of Ireland advice to customers:

Do not click on links in any SMS text messages designed to appear as if sent by the bank or other businesses and service providers.
Be very careful with any phone number sent to you in a text. It could be fake.
Where customers receive a text appearing to be from Bank of Ireland, the Check Your Text service (Security Zone – Bank of Ireland Group Website) is now available.

If you get a text that claims to be from Bank of Ireland but you are not sure if it’s genuine, here’s how to verify it:

Copy the text you wish to verify.
Paste into a new message.
Add the word CHECK before the text. (In the same text)
Send to 50365.

Alternatively send it to 365security@boi.com and we’ll let you know if it was really from us. Remember to forward a screenshot of the text if possible.

If you think you may have given away any of your banking details, please call our 24/7 Freephone line 1800 946 764 immediately.

For more advice and information on fraud, visit boi.com/security or www.fraudsmart.ie