Archive

Please see below for details on recent fraud alerts.

  • Fraudsters using spoof bank texts in a new scam
  • Malicious Software
  • Pension Liberation
  • Scam Calls
  • Fraud against the elderly
  • Money mules (job vacancies)
  • Lottery fraud

 

  • People’s Energy Data Breach

     

    The purpose of this alert is to inform Bank of Ireland UK customers of the People’s Energy Data Breach.

    Summary

    Bank of Ireland UK have been advised that on 16 December 2020 People’s Energy discovered that it had a data breach. The hackers had stolen the data of approximately 270,000 current and previous customers. The data stolen included customer names, addresses, date of birth, telephone numbers, tariff and energy meter IDs. It has been reported that hackers did not obtain the financial details of these customers.

    We understand that People’s Energy has notified all of its impacted customers and any enquiries should be made directly with them.

    We would like to remind our customers to remain vigilant against fraud. Even though bank details were not stolen in this instance, customers of People’s Energy will be more vulnerable to Vishing or Phishing fraud, where the stolen details are used by the criminals to target victims and scam them into giving out their bank details.

    Suspicious calls (Vishing)

    Be vigilant if you receive a phone call out of the blue from someone claiming to be from your bank, credit card company or another company you trust. They may claim that your account has been compromised and ask you for your bank card or bank account details. Remember: Bank of Ireland UK will never ask you to transfer money out of your account.

    What to look out for:

    • Unexpected calls claiming to be from your bank, credit card company or well-known company that you trust.
    • Being asked to confirm your password, full login PIN or bank account number.
    • Urgent requests and threats.
    • Claims that your account has been compromised or there is something wrong with a payment.
    • Requests to transfer money out of your account, for example using a money transfer service.
    • The fraudster might tell you the first four digits of your card number and ask you to confirm the rest.
    • Being asked if you made a recent transaction at a well-known store, such as a supermarket. The fraudster is only guessing this information to sound more believable.
    • Claims that some payments have already been made from your account to a foreign country and that they can ‘stop’ any more going through.
    • Please note, the Bank, Police or any other genuine organisation will never ask for your help in investigating crime. If you are contacted with a similar request, please end the call immediately and call us, preferably from a different phone, to inform us of the suspicious call.

     

    Suspicious emails (Phishing)

    Fraudsters sometimes send emails pretending to be from your bank, credit card company or another company you trust, usually asking you to click on a link or open an attachment. The emails may seem genuine and convincing but are designed to trick you into sharing your personal information, such as your username, full PIN or credit card number. They will often make urgent threats and try to scare you into providing your details.

    What to look out for

    • Check for misspellings or unfamiliar sender addresses.
    • Unexpected emails which claim to come from a financial institution.
    • Urgent requests and threats.
    • Claims that your account has been compromised.
    • Requests to “Open an Attachment” or “Click a Link”.

     

    Further information

    To find out more about fraudster Tactics, and what you can do to protect yourself please refer to the Fraudster tactics section of our website.

     

    Report Fraud

    If you suspect suspicious activity on your account, or if you have provided personal information in response to a suspicious email, text or telephone call, please contact us as soon as possible on the below contact numbers:

    Northern Ireland
    Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
    365 Online: 0345 7 365 555

    Great Britain
    365 Online: 0345 7 365 333

    Republic of Ireland
    365 Online: 1890 365 200/ 0818 365 365

    Abroad
    365 Online: +44 345 7365 555

    365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.

    To report suspicious Bank of Ireland related emails or texts, send the suspicious email or text to 365security@boi.com

    If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.

     

  • Christmas Shopping Fraud aware

    Christmas shopping creates the busiest time of year for retail, due to Covid-19 this year a lot of people will be doing their Christmas Shopping online. Fraudsters will try to take advantage of this so we are reminding our customers to take extra care when doing their Christmas shopping online this year.

    What to look out for

    Is the website safe?

        • Always go directly to the site or access it via a search engine (e.g. Google, Bing) first. Never follow links on websites or in emails if you are suspicious.
        • Ensure the web address is what you expected (e.g. check for incorrect spelling).
        • When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
          • The web address (URL) has changed from ‘http’ to ‘https’.
          • A closed padlock icon is present.
          • Your browser address window may be green.
          • Always ensure you are buying only from reputable retailers, whether from personal experience or trustworthy recommendations. If it is not a well-known shopping site, do some research and look for independent reviews rather than trusting testimonials on the site itself.
        1. Use a guaranteed payment method such as PayPal when shopping online.
        2. If it looks too good to be true, it probably is.
        3. Always view large purchases in person prior to paying for them.

        Fraudster Tactics
        Fraudsters will try to contact people by email, text, phone, social media and home visits with an aim of scamming you into giving them your money. Please refer to the Protect yourself section of our website to find out more about how you can identify suspicious activity, and what you can do to protect yourself.

        We encourage you to Take Five by following the below steps:

        1. Never disclose security details, such as your PIN or full banking password
        2. Don’t assume an email or phone call is authentic
        3. Don’t be rushed – a genuine organisation won’t mind waiting
        4. Listen to your instincts – you know if something doesn’t feel right
        5. Stay in control – don’t panic or make a decision you’ll regret.

        Report Fraud
        If you get a suspicious call or email, especially after sending a tweet to us, or if you notice any suspicious activity:

        • Terminate the call without providing any personal details or financial information.
        • Do not respond to or click on any links in suspicious texts or emails.
        • Never provide your full banking PIN to anyone.
        • Report your concerns to 365security@boi.com (include the phone number, a screenshot of the text if possible, or forward the email).

        You can also contact us on one of the emergency numbers below (do not use a phone number given to you in the text or email as this could be fake):

        Northern Ireland
        Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
        Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
        365 Online: 0345 7 365 555
        Business Online: 0345 309 8123

        Great Britain
        365 Online: 0345 7 365 333
        Business Online: 0345 309 8124
        Lost/Stolen cards: 0800 121 7790 (24 hours, 7 days a week)

        Republic of Ireland
        365 Online: 1890 365 200/ 0818 365 365
        Business Online: 1890 818 265
        Lost/Stolen cards: +353 5 6775 7007 (24 hours, 7 days a week)

        Abroad
        365 Online: +44 345 7365 555
        Business Online: +353 1 440 6445
        Lost/Stolen cards: +353 5 6775 7007 (24 hours, 7 days a week)

        365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.

        Business Online Opening hoursMonday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.

        If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.

  • Phishing scam targeted at university students

    The purpose of this alert is to raise awareness of a phishing scam targeted at students in UK universities.

    The phishing campaign claims that the student has been awarded an educational grant as part of a student support programme. The email example below purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.

    Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials.

    Protection and Advice

        • Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
        • An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
        • If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
        • If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
        • Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
        • If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact the bank and report it to Action Fraud. 
  • Fraudsters using spoof bank texts in a new scam
    The Press Office of Financial Fraud Action UK have put together a SMS Spoofing scam alert on behalf of the banking industry, this was released to the public on 9th June and the media coverage of the alert has been extensive and very successful. This fraud alert is to make customers aware of this new scam.
     
    Key Points:

    • Criminals are using spoof text messages which appear to be sent from their victim’s bank in a bid to steal personal or financial information.
    • The scam text messages claim that there has been fraud on the recipient’s account or that the account details need to be updated.
    • The texts encourage people to call a number or visit a website, often claiming the matter is urgent. However the telephone number or website is actually controlled by the fraudster, enabling them to steal security details which can be used to access the victim’s bank account and steal money.
    • To make the texts seem authentic, fraudsters use specialist software which alters the sender ID on a message so that it appears with the name of a bank as the sender. This can mean that the text becomes included within an existing text message thread on the recipient’s phone.
    • Through a second route the fraudsters take, the texts warn that the recipient will soon receive a call from their bank’s fraud department. However it is actually the fraudster that then calls the victim and attempts to trick them into revealing their full security details.
    • Intelligence also suggests that fraudsters are sending scam texts which appear to be from a landline number, asking the recipient simply to call their bank. This is in the hope that the victim will phone the number from which the text was sent, which is controlled by the fraudster, rather than the bank’s regular customer service telephone number.

     
    Advice:
    Financial Fraud Action UK’s advice on how to avoid becoming a victim of this scam:

    • Be suspicious of any text message that asks you to provide sensitive personal information, passwords or to make transactions.
    • If you’re asked to call the number given in the text message and the number is unknown to you or suspicious, call your bank on a number that you trust – such as the one on the back of your card – to check the number and message is authentic.
    • Do not call the phone number a text message has been sent from; instead call your bank on a number that you trust.

     
    Remember your bank will never:

    • Phone you to ask for your 4-digit card PIN or your online banking password, even by tapping them into the telephone keypad.
    • Ask you update your personal details by following a link in a text message.
    • Tell you over the phone how to respond to a text message confirming a transaction.
    • Ask you to transfer money to a new account for fraud reasons, even if they say it is in your name.
  • Malicious Software
    The National Crime Agency ‘NCA’ (UK) recently issued an alert in relation to Malicious Software (Malware). This arises from the identification and shut-down by international Law Enforcement authorities of over 1m compromised computers (a ‘botnet’). The Agency is advising the public that they have two weeks before hackers regroup and recommence their criminal activities against unsuspecting and unprotected computer users.

    The authorities indicate that if your computer does not run Windows, then this alert may not apply directly to you. Other problems might though, and in order to keep yourself protected, you should always keep your antivirus up to date.

    Advice (particularly for Windows users)

    You can protect yourself by:

    • Making sure security software is installed on your PC and is kept updated by running scans
    • Check that your computer operating systems and applications are up to date
    • Regularly back up all your files, especially Word, Excel and Powerpoint documents along with your Photos and any other items you would not like to lose. Store this information securely (encrypted) in a separate storage device
    • Do not open attachments in emails unless you are 100% certain that they are authentic

    For further information Get Safe Online is providing advice, guidance and tools on its website at www.getsafeonline.org/nca

  • Pension Liberation
    Pension Liberation also known as ‘pension loans’ and ‘pension scam’ is a transfer of a scheme member’s pension savings to an arrangement that will allow them to access their funds before the age of 55. But accessing pension savings before minimum pension age is only possible in rare cases, like terminal illness.

    Pension Liberation can result in tax charges and penalties of more than half the value of a member’s pension savings, and those being targeted are usually not being told about the potential tax implications. This is in addition to high charges, typically 20 to 30% for entering into one of these arrangements and high risk investments for the remaining pension savings.

    Warning signs

    • Unsolicited contact
    • Transfer of funds overseas
    • Attempts to access pension before the age of 55
    • Copy of documentation has not been provided to member
    • Member encouraged to carry out transfer quickly
    • Receiving scheme not registered/newly registered with relevant Revenue authority
    • Member informed there is a legal loophole

    Action:
    The pension Regulator’s five steps to avoid becoming a victim:

    1. Never give out financial or personal information to a cold caller
    2. Check the credentials of the company and any advisers – who should be registered with the appropriate regulatory authority, e.g. the Financial Conduct Authority.
    3. Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then
    4. Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice
    5. Never be rushed into agreeing to a pension transfer

    For further information on Pension Liberation see:

  • Scam calls
    Key Points:

    • It has come to our attention that there has been a marked increase in fraudulent calls to mobile phones in recent weeks.
    • The phone number on the incoming call appears to begin with “+4212/60”. The distinguishing characteristic of the caller’s number is the inclusion of the forward slash.
    • While recipient experience in taking the calls varies, answering a call from this number always results in a premium rate charge appearing on the customer’s bill.

    Action:
    Law enforcement intelligence advises everyone to be cognisant of the issues surrounding unsolicited calls from unknown numbers and to be vigilant in this regard.

  • Fraud against the elderly
    Elderly people can be particularly at risk from bogus traders/callers who set out to gain their confidence before taking financial advantage of them.
     
    Typically these people call door-to-door and offer to carry out works such as replacing roof tiles, mending guttering, decorating or they ‘convince’ the victim that repairs are necessary. Some of these people carry out a little work and charge exorbitant amounts of money for their service. In many cases the work is unnecessary. On completing the work in a very short time, they then demand substantial payment often using threatening and intimidating tactics. In some instances, they offer to drive the victim to the bank to withdraw the cash.
     
    Always remember:
    You should never leave strangers, even bona fide workers, unsupervised in your home.

    Never engage a person who insists on cash payments for services offered. Most reputable traders will not ask for money up front. Always use a method of payment which is traceable.

    Never sign a blank form for any reason – it could cost you dearly.

  • Money Mules - (Job vacancies)
    Money mules are people recruited by criminals to help transfer fraudulently obtained money from bank accounts. Fraudsters contact prospective victims with ‘job vacancy’ adverts on the internet, on job search websites or in newspapers. These jobs are usually advertised as ‘Financial Manager’ or ‘Payments Clerk’ with no other requirement than having a bank account. The mule accepts the ‘job’ in good faith and does not suspect that they are being duped into involvement in criminal activity. Once recruited a Money mule receives stolen funds into their account, followed by a request to forward the funds, minus their commission, usually overseas, using a wire transfer service.

    Always remember:

    Thoroughly research any work-from-home offer and do not get involved unless you are sure the business is legitimate.

    If a job sounds too good to be true, then it probably is.

  • Lottery Fraud
    Another scam currently being carried out by various groups of international fraudsters involves victims being contacted by email in which they are advised that they have won the lottery. No ticket purchase was necessary – according to the scammers. The victim is encouraged to pay a fee before the ‘winning’ lottery cheque is handed over. This scheme is a fraud and you should not become involved or communicate with them in any way as these winnings do not exist.
  • Boiler room investor fraud

    The Bank wishes to alert Customers and members of the public to the threat of share sale fraud – more commonly known as Boiler Room scams.

    Share sale, boiler room, hedge fund or bond fraud involves bogus brokers, usually based overseas, cold calling people to pressure them into buying shares that promise high returns or whose share price is about to ‘go through the roof’. In reality, the shares are either worthless or non-existent.

    Boiler room fraudsters are highly trained and use ‘hard sell’ techniques to pressurize investors into making rushed decisions to buy shares which are of little or no value.

    If you deal with a share sale fraudster or Boiler Room you’ll almost certainly lose the money you’ve invested and you won’t have any right to claim compensation under the Financial Services Compensation Scheme, as the Boiler Room firm is NOT AUTHORISED as an investment firm by the Financial Conduct Authority.

    Key points:

    Most Boiler Room scams start with an UNSOLICITED phone call, in which a professional sounding ‘stockbroker’ offers you a fantastic investment opportunity.

    These salespeople are persistent and are trained in dealing with any objections or questions, they specialize in using high pressure ‘hard sell’ tactics in order to persuade victims to agree to buy shares, they will often claim that by agreeing to buy the shares you have ‘entered into a contract’ to do so.

    They will urge you to be discreet and not to tell anyone else about the deal, this enables them to continue cold calling hundreds of other potential victims while the scam is running.

    In order to appear legitimate, firms will often have websites which look professional, they may provide official-looking documentation and share certificates, all these are ultimately worthless.

    As most Boiler Rooms are based overseas you will be asked to send your “investment” by International Payment, you will probably never get any money back.

    Remember: if it looks too good to be true, it probably is!

    Advice for Customers:

    If you receive an UNSOLICITED call from a person who offers you an opportunity to invest in shares HANG UP.

    Genuine UK investment firms are authorised by the Financial Conduct Authority. If you wish to check whether a firm is authorised you may do so on their website:

    http://www.fca.org.uk/firms/systems-reporting/register

    If in doubt, refer your query to a Qualified Financial Advisor who is known to you – explaining why you are concerned.

    If you think you may have been duped by a boiler room scam you should report it to the Financial Conduct Authority and to the Police.

    Recovery Fraud:

    People who have lost money on Boiler Room scams may subsequently find themselves being targeted in a ‘recovery room’ fraud, where the victim receives a call from a firm who will claim that they can help to recover the lost investment monies.

    This however, is simply another part of the boiler room scam and the ‘recovery’ firm will request upfront payment of substantial fees before they handle your case, again this is just another way of scamming more money from victims.