• Security Zone

    Security Zone

    Technology is making it quicker and easier to stay on top of your finances wherever and whenever you want. As more of our customers choose to use new ways of banking such as phone, tablet or computer, we’re committed to keeping their information secure.

    At the same time you can help minimise the risks to yourself by being security conscious when you’re online or on your phone. While we may contact you to discuss the operation of your account, to send you product related messages, or for feedback on your banking experience please remember these points:

    Customers should never:

    • Click on or open suspicious links and attachments.
    • Respond to unsolicited text messages or emails.
    • Provide your full banking details in a pop-up window.

    Bank of Ireland will never:

    • Send you a link directly to the login page of our online banking pages.
    • Send you an email with a direct link to your latest eStatement.
    • Ask you to share your full 365 PIN or Business On Line password.
    • Ask you to transfer money out of your account to protect yourself from fraud.
    • Request your account information through an onscreen pop-up window.

    Bank of Ireland will always ask 365 online customers for:

    • Three random digits from your 6-digit 365 PIN – never more, never less.
    • Your full 365 online user ID and
    • Either your date of birth or the last four digits of your phone number – never both

    Bank of Ireland will always ask Business On Line customers for:

    • Your username and password only on the log on screen, never your Digital Certificate password.

    You should always:

    • Check eStatements or bank statements as soon as they become available. If any unfamiliar transactions are listed, contact the Bank immediately.
    • Keep your anti-virus software up-to-date on all devices.
    • Inform the Bank of any changes to personal details relating to your Bank of Ireland account.
    • Log out of your online banking session before closing your browser.
  • Report Concerns

    Report Concerns

    If you suspect you have received a fraudulent email, text or call or have been asked to provide your personal or banking information (username, pin, etc.) in an unusual manner, such as by pop-up or web page, report it immediately. Do not reply to or follow any of the instructions provided, regardless of how genuine they may appear.

  • Fraud Alerts

    Fraud Alerts

    Global ‘WannaCry’ Ransomware Attack – May 2017

    On Friday 12 May 2017 an unprecedented ransomware attack, using malware known as WannaCry, spread globally within hours and affected thousands of businesses in at least 150 countries. Its target? Any Windows computer where the available security software updates (or patches) had not been fully applied. What’s different about this strain of malware is that it is a ransomware ‘worm’, allowing it to spread as far as possible, as quickly as possible.

    What is ransomware

    Ransomware is a type of malware that prevents the victim from accessing many files on their PC and on any fileshares they are connected to. Unusually, in this instance, a user’s PC is typically infected by another infected PC, through the PC’s network connection, or via a Wireless Network. The malware uses advanced hacking methods to enable an infected PC to identify, attack and infect other PCs on the network

    Once the malware has “wormed” its way onto the user’s PC, it begins to encrypt all data files on that device. When the encryption is complete, a blocking screen appears, ordering the user to pay a ransom in order to regain access to their files with a decryption key within a set time period. In the case of WannaCry, this ransom was $300 (€275) in Bitcoin for each device affected, if paid within 3 days.

    While WannaCry was infecting the user’s PC, it was also busy searching for other unpatched Windows PCs to infect as well. It is this feature which has enabled it to spread so fast across the globe, especially in large corporate companies with machines linked together in the same network.

    Guidance for home and business

    There are a number of easy-to-implement steps you can take to help protect yourself and/or your business against a ransomware attack:

    • DO NOT click links in suspicious emails or download unsolicited email attachments.
    • If you receive an email from a known sender, but with an unusual link or attachment, contact them first to confirm the legitimacy of the email.
    • If you receive a suspicious email in relation to your Bank of Ireland accounts, forward it as an attachment to 365security@boi.com immediately.
    • Be careful when accessing websites; do not click on advertisements as they could contain malicious software.
    • Ensure your anti-virus software is up to date.
    • Always run your computer or network on the most up to date version of the operating system.

    In light of the recent and ongoing global cyber attacks, Bank of Ireland has taken additional precautionary security measures to safeguard Bank and customer information. These measures are based on the cyber threat intelligence available to the Group from a range of trusted sources, and include rigorous inspection of all incoming communications to the Bank. This may result in a delay in us receiving emails with attachments that are sent into the Group. We apologise for any delay and inconvenience this may cause, however we always take the security of our customer information seriously and we are taking these additional steps during this period of heightened alert. We would like to thank customers for their patience during this time.

    Protect yourself

    In addition to the general guidance above, you should take the following step to protect yourself:

    • Set your Windows Update settings to automatically update (and apply patches) as early as possible.

    Protect your business

    In addition to the general guidance above, you should take the following steps to protect your business:

    • Apply security patches as soon as possible after they become available.
    • Back up your data. You can’t be held to ransom if you hold your data somewhere else.
    • Review and restrict accesses to your technology on a needs basis.
    • Ensure you have a firewall enabled on your technology.

    If you are affected

    • If you think you have been the victim of a ransomware attack and your data files have become infected, the general advice from law enforcement agencies is not to pay the ransom.
    • It is also advised that you disconnect infected computers from your business network immediately to stop the spread of infection to other computers in your network.
    • Contact your security service provider if you have one, or seek professional advice from a security service provider.

    Helpful Sites

    The Business Continuity Institute – www.thebci.org

    The Europol European Cyber Crime Centre (EC3) and partners website – www.nomoreransom.org

    Ransomware is a very real and current threat.  The scale and speed of the WannaCry attack globally reinforces the importance of being prepared and having the right defences in place.


    Fraud Alerts Archive


    • Fake texts claiming to be from Bank of Ireland

      Fake texts claiming to be from Bank of Ireland - February 2017

      Fake texts are currently in circulation, claiming to be from Bank of Ireland.

      This latest ‘smishing’ campaign, targeting Irish mobile users, uses text messages to send links to fraudulent websites, such as the below example:

      “Your BOI online access has been locked for security reasons. Confirm your details below from Bank of Ireland (link provided)”

      These texts are fake.

      Do not click on any links. They will try to trick you into providing your online banking details or card details to fraudsters.

      Bank of Ireland will never send you a link asking you to confirm your personal banking details.

      If you have received a suspicious text claiming to be from Bank of Ireland, please do the following:

      • Do not click on any links.
      • Report the incident to 365security@boi.com (include the phone number that the text was sent from, or forward a screenshot of the text, if possible).
      • Delete the text.
      • If you have clicked on the link, call 365 online as soon as possible, using the numbers below:
      From ROI 0818 365 365
      From NI/GB 0345 7 365 555
      Outside these locations +353 1 404 4000

    • Boiler Room Scam

      Boiler Room Scam

      Purpose of Alert:
      The Bank wishes to alert Customers and members of the public to the threat of share sale fraud - more commonly known as Boiler Room scams.

      Share sale, boiler room, hedge fund or bond fraud involves bogus brokers, usually based overseas, cold calling people to pressure them into buying shares that promise high returns or whose share price is about to ‘go through the roof’. In reality, the shares are either worthless or non-existent.

      Boiler room fraudsters are highly trained and use ‘hard sell’ techniques to pressurize investors into making rushed decisions to buy shares which are of little or no value.

      If you deal with a share sale fraudster or Boiler Room you’ll almost certainly lose the money you’ve invested and you won’t have any right to claim compensation under the Investors Compensation Scheme (Ireland), as the Boiler Room firm is NOT AUTHORISED as an investment firm by the Central Bank of Ireland (Central Bank).

      Key points:
      Most Boiler Room scams start with an UNSOLICITED phone call, in which a professional sounding ‘stockbroker’ offers you a fantastic investment opportunity.

      These salespeople are persistent and are trained in dealing with any objections or questions, they specialize in using high pressure ‘hard sell’ tactics in order to persuade victims to agree to buy shares, they will often claim that by agreeing to buy the shares you have ‘entered into a contract’ to do so.

      They will urge you to be discreet and not to tell anyone else about the deal, this enables them to continue cold calling hundreds of other potential victims while the scam is running.

      In order to appear legitimate, firms will often have websites which look professional, they may provide official-looking documentation and share certificates, all these are ultimately worthless.

      As most Boiler Rooms are based overseas you will be asked to send your “investment” by International Payment, you will probably never get any money back.

      Remember: if it looks too good to be true, it probably is!

      Advice for Customers:
      If you receive an UNSOLICITED call from a person who offers you an opportunity to invest in shares HANG UP.

      Genuine investment firms are authorised by the Central Bank of Ireland. If you wish to check whether a firm is authorised you may do so on their website http://www.centralbank.ie/regulation/Pages/home.aspx

      If in doubt, refer your query to a Qualified Financial Advisor who is known to you – explaining why you are concerned.

      If you think you may have been duped by a boiler room scam you should report it to the Central Bank of Ireland and to the Gardai.

      Recovery Fraud:
      People who have lost money on Boiler Room scams may subsequently find themselves being targeted in a ‘recovery room’ fraud, where the victim receives a call from a firm who will claim that they can help to recover the lost investment monies.

      This however, is simply another part of the boiler room scam and the ‘recovery’ firm will request upfront payment of substantial fees before they handle your case, again this is just another way of scamming more money from victims.

    • CEO/CFO Fraud

      CEO/CFO Fraud

      First Published October 2015, re-published January 2017.
      This is a general notice issued by the Financial Crime and Security Department of BPFI on behalf of BPFI members.
      Purpose of Advisory:
      A number of businesses in Ireland have recently been targeted by fraudsters using bogus emails which purport to be from a senior member of staff within the organisation requesting an urgent payment or electronic transfer be made outside of normal procedures or trading patterns.

      A pdf version of the BPFI CEO/CFO Spoofed Email Payment/Mandate Request Fraud Alert is available to download here.

      Key Details:
      A member of staff at the finance or accounts department receives an email purporting to be from a senior member of staff within the organisation, whether Director, CEO, Chairman, levels etc., requesting they arrange an urgent payment outside of their normal procedures due to exceptional circumstances.

      The email appears to be genuine due to the address in the “From” box reflecting the genuine email address of the senior member of staff. With the recipient believing the email to be genuine, they arrange for the payment to be made through their preferred payment method for the credit of the fraudster’s account, from where the monies are usually quickly withdrawn or transferred out.

      There are two methods which the fraudster could use to facilitate this type of fraud attempt:

      Email Spoofing
      Using technical know-how, social engineering or malware, the fraudster is able to construct an email which appears to have come from another source, whilst disguising the true originator. Hovering the curser over the name in the “From” box will not reveal the true origination address in these cases and therefore the email appears genuine. The difference in the spoofed email account is very subtle and can easily be mistaken for the legitimate email address.
      Hacked Email Accounts
      The fraudster hacks into the victim’s email account and starts issuing emails in the victim’s name, including payment requests to banks or work colleagues. Customers that are more vulnerable to this type of attack are normally users of free email services such as Gmail, Hotmail and Yahoo, for example.
      Red Flags
      • Any payment request which is outside of normal policy or process, especially if received by email
      • Any urgent or confidential request not respecting the standard working procedure or trading patterns
      • Any unusual payment request such as transfer of high amounts to an unknown or foreign account or to a country where the company has no market relations
      Action:
      Although not exhaustive, some examples of action you can take to protect yourself are:

      • Businesses should have a specific documented internal process for the arrangement and authorisation of payments
      • Any requests outside of that procedure, especially if received by email, should be regarded as suspicious
      • For such requests, verbal contact should be made with the person sending the email, using a known contact number from the company’s internal records, to confirm the request
      • Businesses should strengthen their passwords for access to their email accounts, to include a mixture of uppercase letters, numbers and special characters, e.g. $&, etc.
      • Businesses should avail of password manager applications and use passphrases instead of passwords

    • Fake PC Support Calls

      Fake PC Support Calls

      Re-published December 2013

      Purpose of Alert:
      The Bank wishes to alert customers and members of the public to a scam that is currently active in the Irish marketplace.

      Irish consumers are receiving telephone calls from persons claiming to be security engineers from a major computer company (they’re not!), or working on behalf of a major international computer company (they don’t), to tell them they have a virus on their computer (not true!).

      Key points:
      • Consumers are cold called by someone claiming to be from a computer firm and told there is a problem with their computer and offering help to solve the computer problems.
      • Once the caller has gained the consumer’s trust, they ask the consumer to log onto a website to download a file to help solve the problem, or
      • The caller may ask the consumer to allow them online access to the consumer’s PC so that they can run a quick scan. Having done so, many victims report seeing the cursor on screen being manipulated by the caller as he/she configures the consumer’s PC.
      • The caller will then ask for the victim’s credit card details in order to ‘purchase’ a software package which will fix the virus. They also potentially attempt to steal from the victim by accessing personal information on their computer. In addition to gaining access to personal details, they can also infect the computer with damaging viruses and spyware.
      Detail:
      Customers and members of the public are encouraged to treat all such unsolicited phone calls with scepticism and not to provide any personal banking information (including Credit Card details) to anyone over the phone or online in response to these calls.

      Anyone who receives an unsolicited call from a person claiming to be from a computer firm or a PC Repair business should hang up. Legitimate business firms do not make these kinds of calls.

      Garda intelligence suggests that such calls originate from Asia and Africa and the phone numbers quoted are usually fake. It is believed that auto-dial machines are being used to perpetrate this scam and this has resulted in both customers and businesses (including bank branches) receiving these bogus calls.

      Action:
      If you receive a call from one of these fraudsters, HANG UP,

      DO NOT give these callers online access to your PC,

      DO NOT give these callers your Credit Card details,

      DO keep your anti-virus software up to date.

      If you suspect fraud has occurred on your Bank of Ireland Credit Card, contact 00 353 1 6798993, option 1.

    • Invoice Redirection Fraud - BPFI Issue Fraud Alert

      Invoice Redirection Fraud - BPFI Issue Fraud Alert

      Publication by:
      Banking and Payments Federation (BPFI)
      For the attention of:
      Irish Businesses
      Purpose of Advisory:
      To advise that a number of businesses in Ireland have recently fallen victim to a scam involving bogus emails being received that purport to be from an existing creditor. The email generally contains a letter as an attachment, the letter purports to notify the receiver of new (amended) bank account details to which all future payments are to be sent.
      Key Details:
      1. Irish businesses are increasingly experiencing attempted Invoice Re-direction fraud.
      2. This involves a creditor's beneficiary details being fraudulently altered.
      3. The business is misled into believing that a beneficiary's bank account details have been changed and so funds that are due to be paid out are transferred to a fraudulent account.
      4. Attempts such as this could be successful if the change of details request is not confirmed directly with the source supplier (Use a phone number from your files, not from the letterhead of the suspect letter).
      5. There are various other measures a business can take to safeguard itself against such fraud.
      6. For further details please see below.

       

      Background:
      There is a growing trend in Payment Fraud involving beneficiary details being fraudulently altered. This bogus invoice fraud usually involves genuine invoice details being intercepted by unknown means, the beneficiary account details are altered so that payment is redirected to an account under the fraudster's control. The fraud will usually be discovered some time afterwards when the legitimate company sending the invoice queries "non-payment".
      What Are the Tell Tale Signs?
      The email notifying the change of details may be in the name of someone that the receiver is used to dealing with, however the fraudsters will have created a bogus email account and the sender’s name which will carry a minor variation, see following examples:

      GenuineBogus

      james.ryanabcd@hotmail.com jamesryanabcd@hotmail.com
      liz.smythabcd@stantons.com liz.smythabcd@stantonz.com

      Fraudsters may then submit bogus invoices. These invoices (and any covering letters) may appear to be printed on company headed paper but are more likely scanned copies from an original document and printed onto paper using a domestic printer so the company logo may appear less sharp and slightly blurred.

      Action:
      Although not exhaustive, some examples of action you can take to protect yourself are:

      • Make a phone call to a known contact within the firm that appears to be requesting fundamental changes in banking details.
      • Always confirm change of bank account requests with the company making the change, being mindful not to use the contact details on the letter requesting the change.
      • Look out for different contact numbers and e-mail addresses for the company as these may differ from those recorded on previous correspondence.
      • Consider reviewing change of account details already acted upon where payment is due at a future date and confirming the authenticity of the request.
      • Consider setting up designated Single Points of Contact with companies to whom you make regular payments.
      • Instruct staff with responsibility for paying invoices to be cognisant of checking invoices for irregularities and checking out their concerns with the company requiring payment.
      • Consider setting up a system whereby when an invoice is paid you also send an email to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
      • Fraudsters may have found information regarding contracts and suppliers on the victim organisation's own web-sites. Consideration should be given as to whether it is necessary to publish information of this type in the public domain as it has been demonstrated that it can be used to facilitate fraud.
      • For payments over a certain threshold, consider organising a meeting with the company who are requesting payment, and satisfy yourself that payment will be sent to the correct bank account and recipient.

      This is a general notice issued by the Financial Crime and Security Department of the BPFI on Behalf of BPFI members.

    • Malware Alert Urgent

      Malware Alert Urgent

      June 2014

      The National Crime Agency ‘NCA’ (UK) recently issued an alert in relation to Malicious Software (Malware). This arises from the identification and shut-down by international Law Enforcement authorities of over 1m compromised computers (a ‘botnet’). The Agency is advising the public that they have two weeks (from 2/6/14) before hackers regroup and recommence their criminal activities against unsuspecting and unprotected computer users.

      The authorities indicate that if your computer does not run Windows, then this alert may not apply directly to you. Other problems might though, and in order to keep yourself protected you should always keep your antivirus up to date.

      Advice (particularly for Windows users)
      • You can protect yourself by:
        • making sure security software is installed on your PC and is kept updated,
        • by running scans, and
        • checking that your computer operating systems and applications are up to date.
      • Regularly back up all your files, especially Word, Excel and Powerpoint documents along with your Photos and any other items you would not like to lose. Store this information securely (encrypted) in a separate storage device.
      • Do not open attachments in emails unless you are 100% certain that they are authentic.

      For further information and advice on staying secure online, visit:

      www.makeitsecure.org/en/top-tips.html

      https://www.365online.com/online365/spring/security

    • Pension Liberation

      Pension Liberation

      Purpose of Memo:
      The Bank wishes to alert customers and members of the public to a scam that is currently active.
      Detail:
      Pension Liberation also known as ‘pension loans’ and ‘pension scam’ is a transfer of a scheme member’s pension savings to an arrangement that will allow them to access their funds before the age of 55. But accessing pension savings before minimum pension age is only possible in rare cases, like terminal illness.

      Pension Liberation can result in tax charges and penalties of more than half the value of a member’s pension savings, and those being targeted are usually not being told about the potential tax implications. This is in addition to high charges, typically 20 to 30% for entering into one of these arrangements and high risk investments for the remaining pension savings.

      Warning signs:
      • Unsolicited contact
      • Transfer of funds overseas
      • Attempts to access pension before the age of 55
      • Copy of documentation has not been provided to member
      • Member encouraged to carry out transfer quickly
      • Receiving scheme not registered/newly registered with relevant Revenue authority
      • Member informed there is a legal loophole
      Action:
        • Never give out financial or personal information to a cold caller;
        • Check the credentials of the company and any advisers – who should be registered with the appropriate regulatory authority, e.g. the Financial Conduct Authority in the UK, or the Irish Pensions Board in RoI;
        • Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then;
        • Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice;
        Never be rushed into agreeing to a pension transfer.

      For further information on Pension Liberation see:

      www.bankofireland.com.

    • Phishing & Smishing Activity - Revenue Commissioners Issue Fraud Alert

      Phishing & Smishing Activity - Revenue Commissioners Issue Fraud Alert - November 2016

      Publication by:
      Revenue Commissioners
      For the attention of:
      All consumers
      Purpose of Advisory:
      The Bank wishes to alert customers and members of the public to the recent publication by the Revenue Commissioners of an Alert in relation to fraudulent Phishing (email) and Smishing (SMS text message) activity.
      Revenue Publication:

      Warning:Latest Email and SMS (text message) Scam.

      This week (21/11/2016) the Revenue Commissioners have become aware of fraudulent emails and SMS (text messages) purporting to come from Revenue seeking personal information from taxpayers in connection with a tax refund or seeking credit/debit card details.

      These emails and text messages did not issue from Revenue.

      The Revenue Commissioners never send emails or text messages requiring customers to send personal information via email, text or pop-up windows.

      Anyone who receives an email or text message purporting to be from Revenue and suspects it to be fraudulent or a scam should simply delete it. Anyone who is actually awaiting a tax refund should contact their local Revenue Office to check its status.
      Anyone who provided personal information in response to these fraudulent emails or text messages should contact their bank or credit card company immediately.

      Please see www.revenue.ie/en/security.html for more information.

    • Scam Calls

      Scam Calls

      Purpose of Memo:
      Bank of Ireland reminds all shareholders to be vigilant to potential scams which are targeted at shareholders in Irish public companies.
      Key Points:
      • It has come to our attention that there has been a marked increase in fraudulent calls to mobile phones in recent weeks.
      • The phone number on the incoming call appears to begin with "+4212/60". The distinguishing characteristic of the caller’s number is the inclusion of the forward slash.
      • While recipient experience in taking the calls varies, answering a call from this number always results in a premium rate charge appearing on the customer's bill.
      Action:
      Law enforcement intelligence advises everyone to be cognisant of the issues surrounding unsolicited calls from unknown numbers and to be vigilant in this regard.

    • Share Fraud

      Share Fraud

      Bank of Ireland reminds all shareholders to be vigilant to potential scams which are targeted at shareholders in Irish public companies.

      Information on scams
      So called “share fraud” scams are operated by fraudsters who contact shareholders unexpectedly and offer to buy their shares at prices higher than current market value. However, while they appear to offer high returns, those who invest usually end up losing their money.

      These individuals often use high pressure sales tactics and tell shareholders that they need to make a quick decision or miss out on a deal which will give them a large return on their investment. The offer to purchase shares will likely come with a request for money up front as a bond or other form of security, which will be accompanied by a guarantee to pay back the money involved if the sale does not go ahead. This advance fee is part of the scam – shareholders are unlikely to hear from them again.

      They will have accessed your name from publicly available shareholder lists. While cold calling is the most common form of contact, these people will also use email, post, face-to-face contact or will approach some shareholders at seminars.

      Always be extremely careful and vigilant before buying or selling shares, especially if the contact is unsolicited. Be wary before releasing funds in advance of any positive proof of the validity of any offer.

      Remember:
      • Keep in mind that firms authorised by the Central Bank of Ireland or the UK’s Financial Conduct Authority are very unlikely to contact you out of the blue with an offer to buy or to sell shares.
      • Always take a note of the name of the person and organisation that has contacted you and avoid getting into a conversation with them.
      • Beware of fraudsters claiming to be from a firm which is authorised – they may copy its website or letterhead. If you are in doubt, use publicly available contact details to make contact with the firm directly to ascertain whether the communication is genuine.
      • Check if the company or individual is on the list of authorised investment firms which is available from the Central Bank's website.
      • Obtain independent advice from a qualified advisor or stockbroker.
      • Do not provide bank details or arrange to transfer money if you are not absolutely sure of the identity and bona fides of the caller.
      • Remember that at any time when you are uncomfortable with a conversation continuing, you can just hang up.

      Report any unsolicited approaches in relation to your shares to the Company’s Registrar, Computershare Investor Services (Ireland) Limited at +353 (0) 1 2475414.

    • Vishing (phone) scam

      Vishing (phone) scam

      December 2015

      Publication by:
      BPFI
      For the attention of:
      Consumers
      Purpose of Advisory:

      There are increasing reports of consumers being cold called by fraudsters claiming to be from a major computer company and or financial institutions. A number of individuals have been duped and have disclosed their information and have suffered financial loss.

      Key Details:

      The consumer is contacted, and the caller purports to be:

        • From a computer company and advises they can help in the resolution of PC issues, or

       

        From their financial services provider and advises there has been a fraud on their account

      In both instances, during the call the customer is requested to provide their date of birth and their bank card details to the perpetrator. Following disclosure of this information customer accounts are subject to fraud as a result of this scam.

      Red Flags:
      • Consumers are contacted via an unsolicited phone call or cold called
      • Caller claiming to be from major computer company or their financial institution
      • The consumer is requested to provide personal information (e.g. date of birth)
      • The consumer is requested to provide their bank card (i.e. debit or credit), PIN (Personal Identification Number), CVV/CSC number & 3D secure password details
      • Older consumers appear to be particularly targeted
      Action:
      • Customers are reminded to treat all unsolicited phone calls with scepticism.
      • Never allow a ‘cold caller’ take control of your computer or laptop. Strangers who ring advising that you are having a problem with your computer are trying to defraud you.
      • Financial institutions are committed to protecting consumers from fraud. While they may contact their customers to discuss the operation of their account and/or their satisfaction with their banking arrangements, they will never make contact asking for personal banking details.
      • Emails or phone calls that consumers may receive requesting such information are an attempt to defraud.
      • Consumers must never disclose their personal banking login or other details in response to any unsolicited request. Consumers are reminded to keep their personal banking login and card details safe and that personal banking login and card details must never be shared.

      Remember your bank will never initiate contact with you by phone/email asking for account/personal financial information
      details.

      This is a general notice issued by the Financial Crime and Security Department of the BPFI on Behalf of BPFI members.

      Disclaimer Note: The information contained in this Fraud Alert /Advisory is for general guidance and for information purposes only and is intended to enhance awareness and vigilance regarding this.

    • Vishing Scam

      Vishing Scam

      August 2015

      Publication by:
      BPFI
      Purpose of Advisory:
      There are increasing reports of bank customers being cold-called by persons claiming to be from a well-known a Retail Outlet and being told that a third party is in the outlet at that time attempting to fraudulently use the customer’s card (visa debit or credit). A number of customers have been
      duped and substantial sums have been paid away/transacted.
      Key Details:
      The customer is advised by the caller to contact their card services team, using the number on the reverse of their card to notify the bank of the
      compromise. The customer proceeds to immediately call this number (sourced from the back of their card), however as the initial caller has not
      hung up, the line remains open for a number of minutes. The customer proceeds to disclose their personal banking information to the bogus card
      unit (i.e. the perpetrator) who has remained on the telephone line.In recent incidents, the bogus card unit advises the bank customer to ring An Garda Síochána. The bogus card unit provides the customer with a phone number to ring. Yet again the phone line remains open as the second call was also not terminated. The bank customer, in turn thinks they are actually speaking with the Gardaí and acts on the advice they are given.In recent cases the perpetrator pretending to be the Gardaí instructs the bank customer to move their money to a “new safe bank account” overseas.
      Substantial sums have been lost by victims as a result of this crime.
      Red Flags:
      • Bank customers are cold called - receiving unsolicited telephone calls.
      • Caller claims to be from a well-known Retailer informing them of a fraud involving their bank card (debit or credit).
      • The initial phone call is not terminated (i.e. the phone line remains open) as the perpetrator does not hang up.
      • On the second call (this in fact is a continuance of the first call) the bogus card unit does not know any personal information about the customer (e.g. where I live, my date of birth, etc.).
      • The bogus card unit seeks details of the customer’s bank account.
      • Either the bogus card unit or the perpetrator acting as the Gardaíattempts to dupe the customer into transferring a large sum from their
        account to a bank account overseas (possibly in the UK or other destinations).
      • Customers are advised by the perpetrators/fraudster that their bank/branch staff cannot be trusted.
      Action:
      • Consumers are encouraged to treat all unsolicited phone calls with scepticism and to be vigilant in this regard.
      • Hang up the call – in advance of making any subsequent calls ensure and listen for a dial tone.
      • “Phone a Friend” in order to ensure that any suspect call has terminated – call and speak with someone who is known to you
        (e.g. a loved one, a family member, a neighbour etc.) then
      • Phone your bank’s customer services team using the number from the reverse of your bank card, ensure there is a dial tone before you ring.
      • Your Bank will never contact you and ask for your full PIN number,neither will the bank ask you to input your full PIN number onto your
        phone keypad during a phone call.

      Remember your bank will never initiate contact with you by phone/email asking for account/personal financial information
      details.

      This is a general notice issued by the Financial Crime and Security Department of the BPFI on Behalf of BPFI members.

      Disclaimer Note: The information contained in this Fraud Alert /Advisory is for general guidance and for information purposes only and is intended to enhance awareness and vigilance regarding this.

    • Vishing (Phone) Scam - BPFI Issue Fraud Alert

      Vishing (Phone) Scam - BPFI Issue Fraud Alert - October 2016

      Publication by:
      Banking and Payments Federation (BPFI)
      For the attention of:
      All consumers
      Purpose of Advisory:
      To inform consumers of a scam where persons claiming to be employees of an internationally known money transfer business ‘MTB’ (or, perhaps, a bank employee) are cold calling individuals (often elderly) and duping them into sending funds abroad via the money transfer business (usually to India).
      Key Details:
      • The Banking & Payments Federation Ireland has received reports advising that a number of consumers have received calls purporting to be from an internationally known money transfer business (or, in some instances, the caller purports to be a bank employee).
      • The fraudster informs the consumer that the MTB office in New Delhi has released funds to a relative of theirs and that the MTB have subsequently discovered this to be a fraudulent transaction. (The transaction, in fact, has not occurred)
      • The caller advises that the MTB are prepared to refund the monies but require an upfront amount (say, €600 / €800) in order to process the claim. In one call the victim was advised that the amount to be refunded was €1,500. However, the minimum amount that could be returned electronically was €2,100 and the victim would have to “top-up” the original sum by €600 in order to receive the full refund)
      • These “additional” funds are to be sent to the MTB based in India by the consumer (i.e. victim) in order to retrieve the original amount.
      • Once the funds are sent the victim is frequently is told that this transaction has been “hacked” and that a second transfer is required.
      Red Flags:
      • Consumers are being cold called;
      • In recent cases, the caller has been male with an Indian / Asian accent
      • The caller is claiming to be an employee of an internationally known money transfer business (or perhaps, a bank employee)
      • Consumer is informed that there has been a fraudulent transaction on their account which will be refunded if they send an upfront fee (typical Advance Fee Fraud)
      Action:
      • If any consumer receives such a call ‘out of the blue’ they should treat the call with considerable suspicion. Record the detail of the inbound call – phone number, date, time, accent etc.;
      • Under no circumstances should consumers remit any funds to a money transmission business in the hope of receiving a refund
      • An Garda Síochána should be immediately informed of any such requests
      • Forward the details of suspect calls and or requests immediately to your bank (contact details can be found on the reverse of your bank card) If you have actually transferred monies in response to one of these bogus calls, you should contact the money transmission business immediately – use a phone number from Directory enquiries or from the Internet. DO NOT USE the phone number from the suspect phone caller.

      This is a general notice issued by the Financial Crime and Security Department of the BPFI on Behalf of BPFI members.

      For more information on Fraud Alerts you can visit the Banking & payments Federation Ireland website.


    Disclaimer Note: The information contained in this Fraud Alert /Advisory is for general guidance and for information purposes only and is intended to enhance awareness and vigilance regarding this fraud.
  • Security Videos

    Security Videos

    Watch our short video for tips on how to keep yourself safe online.

    Stay Safe Online

  • Brochures

    Brochures

    Read our guidance on what to look out for in a Business Email Compromise attack.