- Top Tips
- Report Concerns
- How to Protect Yourself
- How to Protect Your Business
- How We Protect You
- Fraud Alerts
- Take Five Campaign
- Don't Be Fooled Campaign
-
Top Tips
Report Concerns
Top Tips
Technology is making it quicker and easier to stay on top of your finances wherever and whenever you want. As more of our customers choose to use new ways of banking such as phone, tablet or computer, we’re committed to keeping their accounts and information secure.
At the same time you can help minimise the risks to yourself by being security conscious when you’re online or on your phone. While we may contact you to discuss the operation of your account, to send you product related messages, or for feedback on your banking experience please remember these points:
Customers should never:
- Click on or open suspicious links and attachments
- Respond to unsolicited text messages or emails
- Provide your full banking details in a pop-up window
Bank of Ireland UK will never:
- Send you a link directly to the login page of our online banking pages
- Send you an email with a direct link to your latest eStatement
- Ask you to share your full six-digit 365 PIN or Business On Line credentials
- Ask you to transfer money out of your account to protect yourself from fraud
- Request your account information through an onscreen pop-up window
Bank of Ireland UK will always ask 365 online customers for:
- Three random digits from your 6-digit 365 PIN – never more, never less.
- Your full 365 online user ID and
- Either your date of birth or the last four digits of your phone number – never both
Bank of Ireland UK will always ask Business On Line customers for:
- Your username and password only on the log on screen, never your Digital Certificate password
You should always:
- Check eStatements or bank statements as soon as they become available. If any unfamiliar transactions are listed, contact the Bank immediately.
- Keep your anti-virus software up-to-date on all devices.
- Inform the Bank of any changes to personal details relating to your Bank of Ireland account.
- Log out of your online banking session before closing your browser
How to Protect YourselfReport Concerns
If you suspect you have received a fraudulent email, text or call or have been asked to provide your personal or banking information (username, pin, etc.) in an unusual manner, such as by pop-up or web page, report it immediately. Do not reply to or follow any of the instructions provided, regardless of how genuine they may appear.
How to Protect Your BusinessHow to Protect Yourself
Keeping customers’ accounts and information secure is a top priority for us, but it is also important for you to know how to protect your own security as you go about your day-to-day activities.
- Online and Mobile Banking
The internet has made banking much more accessible and convenient. With online or mobile banking being used every day, there are precautions you need to take to ensure that you enjoy the safest banking experience possible.
- Never reveal your online banking login information to anyone. In particular your full online banking PIN.
- Ensure you are not being overlooked. When entering passwords or PINs into online accounts in a public place, shield your screen and ensure no one is overlooking you or trying to distract you.
- Monitor your accounts on a regular basis. Check for suspicious transactions. If you do find anything suspicious, Report it.
- Monitor your list of online payees on a regular basis. Treat any unexpected requests to change or update your payee details with caution and verify that the request has come from a legitimate source.
- Always logout completely from your online banking session. Select the log out button rather than just closing the website or app.
- Use secure websites (https). When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
– The web address (URL) has changed from ‘http’ to ‘https’.
– That a closed padlock icon is present.
– Your browser address window may be green.
- Email
Email is an excellent communication tool and also a useful way to stay informed about new products and services. However, email is sometimes used to deliver unwanted material. Always be cautious when sending or receiving emails, particularly if you are sending any personal details or arranging financial transactions.
Fraudulent Emails:
Fraudsters sometimes send emails pretending to be from a reputable company in an attempt to acquire personal information (e.g. username, PIN, credit card number etc.). This is known as phishing. Some email scams have become much more sophisticated and are personalised in order to target certain people. These emails are personally addressed, well-written and look and sound professional. This is knows as spear phishing.
What to look for:
Check for misspellings or unfamiliar sender addresses.
Unexpected emails which claim to come from a financial institution.
Urgent requests and threats.
Claims that your account has been compromised.
Requests to “Open an Attachment” or “Click a Link”.Tips:
- Be suspicious of unsolicited emails. Listen to your instincts. If something doesn’t feel right then stop and question it.
- Never reveal your banking details or other personal information if requested via email.
- Check links in emails are legitimate by ‘hovering’ your mouse over the link to view the web address (URL) without clicking. If it is different to what you were expecting, do not click.
- Consider having different email addresses for different purposes; one for your bank to use, another for family and friends and perhaps a different address for online newsletters.
How to report a suspicious email:
- Call the sender to verify they sent the email. If possible use a number in a directory or on their website rather than the same number contained in the email.
- Do not reply to the email, fill out any forms or follow any of the instructions specified.
- Do not click on any links as they may try to direct you to fake websites.
- Do not open attachments as they may infect your computer with malicious software.
- Forward suspicious emails claiming to be from Bank of Ireland to 365security@boi.com and then delete.
Your email address can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from Bank of Ireland, this does not mean that your email address, name, or any other information has been gathered from Bank of Ireland’s systems.
Examples of Phishing emails and what to look out for:
- Shopping Online
The ability to shop, bank, book travel and make payments online has transformed our daily lives. However, these transactions are sometimes targeted by fraudsters. Most reputable organisations make it as safe as possible for customers to conduct business with them online. Today’s cybercriminals are highly skilled at creating fake websites, and persuading consumers to divulge sensitive information and make payments.
Consider these simple steps to shop online with confidence.
Is the website safe?
- Always go directly to the site or access it via a search engine (e.g. Google, Bing) first. Never follow links on websites or in emails if you are suspicious.
- Ensure the web address is what you expected (e.g. check for incorrect spelling).
- When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
- The web address (URL) has changed from ‘http’ to ‘https’.
- A closed padlock icon is present.
- Your browser address window may be green.
- Always ensure you are buying only from reputable retailers, whether from personal experience or trustworthy recommendations. If it is not a well-known shopping site, do some research and look for independent reviews rather than trusting testimonials on the site itself.
How We Protect YouHow to Protect Your Business
Your security is a top priority for us but there are also steps that are important for you to take to protect the security of your business assets.
Follow some simple tips to protect your business from fraud:
- Safety for Business
When logging on to Business On Line, we will only ever ask you to enter your username and password. If you see anything unusual when logging on, please contact the Business On Line Helpdesk immediately.
- Never share your Business On Line Administrator or User password.
- Monitor your bank accounts regularly. Check for suspicious activity on your account. If you find anything suspicious, or if something doesn’t feel right, report it.
- Treat any unexpected requests to change payee or supplier’s bank account details with caution. Always check directly with a known contact in the company requesting the change before authenticating the changes and sending payment.
- Ensure you are accessing a legitimate site. Never follow a link that brings you directly to the log in page of 365 online or Business On Line. Always go directly to the site by typing the web address into your browser or access it via a reputable search engine e.g Google.
- Use secure websites(https). When entering login details or personal information be sure that the web page you are viewing offers encryption of your data by checking:
- The web address (URL) has changed from ‘http’ to ‘https’.
- A closed padlock icon is present.
- Your browser address window may be green.
- Email Safety
Business Email Fraud
By posing as senior executives, fraudsters have stolen millions from organisations across the globe through business email fraud. These schemes usually target companies working with foreign suppliers and companies that regularly perform wire transfers.
To avoid spam filters, the emails in these schemes are not mass-emailed. Instead, they are sent to only a few employees—usually employees who regularly perform wire transfers, like financial directors or accountants. These emails are well crafted, often using spoofed email addresses and logos to look more credible. This is known as spear phishing.
The fraudsters conduct extensive research to make their emails more believable. They will try to determine who is involved in wire transfers and wait for the perfect opportunity, like a change in leadership, to send the emails.
The most common type of business email fraud are:
- CEO Fraud/Business Email Compromise: An email from a senior leader, whose account has been compromised, to another employee in the organisation often containing an urgent payment request.
- Bogus Invoice Scheme: An imitated supplier invoice email is sent requesting a change in payment details. See more in Invoice Redirection Fraud.
- Payment Request Emails: An employee’s account is compromised and payment requests are sent by the fraudster to suppliers in their address book.
CEO Fraud/Business Email Compromise
This usually arises following the compromise of a senior (up to and including the CEO) employee’s email.
How to Recognise a CEO Fraud/Business Email Compromise:
- The fake email looks like it has come from an executive’s genuine address.
- Typically, it is addressed to a colleague instructing that a high value payment is made to a supplier or creditor, and usually includes the payee details, including the IBAN.
- The sender usually advises in the email that they will not be available for the following number of hours or days.
How to Protect Yourself:
- Don’t issue payment instructions to anyone via email, only by secure encrypted means.
- Don’t accept payment instructions that have been issued to you via email.
- Don’t use a phone number quoted in the suspicious email; verify the contact internally before making any payment.
- Notify the Bank and Police immediately if you receive a suspicious email.
You can find out more about Business Email Compromise by reading our brochure:
Tips:
Remember to always be cautious of unexpected emails:
- Be skeptical of urgent requests that do not follow typical company procedures and policies.
- Always verify that the email is from the real sender. If the sender is a senior leader in your company, call them directly no matter how senior they are, or one of their colleagues. If the sender is from another organisation, call a known contact in the company making the request before acting on it.
- Look carefully at where links are taking you. Some phishers include links to websites with addresses/domain names that are only slightly different to genuine sites. E.ghttp://www.bankoireland.com.bank
Fraud AlertsHow We Protect You
Online Security
- Our websites are encrypted to protect your information
- Please use a secure browser to access account information and transact
- Our websites are protected by a firewall (a barrier between the internet and our internal bank network)
Logging on and timing out
- When you log on to Bank of Ireland 365 online, we’ll ask you for:
- A private and individual User ID
- 3 random digits from your 365 login PIN
- A personal detail question
- This information is encrypted and will stay private if you don’t disclose it
- For Business On Line customers, your last log on details will show when you log on. This means you’ll know if someone else has accessed your account online
- If you’re inactive for a while, your online banking session will automatically time out
Two factor authentication
- You need a Two Factor Authentication to add or edit a payee on 365 online
- We’ll text a code to your registered mobile phone, or send via post if you prefer
Protecting your business with Bank of Ireland KeyCode
- Business On Line uses the award-winning* Bank of Ireland KeyCode
- KeyCode generates unique, one-off codes you can use to log on to Business On Line and authorise payments and payees
- It replaces your logon passwords and means you don’t need a Digital Certificate or Java
- Bank of Ireland KeyCode offers the following security benefits:
- You need a secure PIN to access the KeyCode app. This One Time Code is generated per transaction and expires when used, or after 60 seconds
- KeyCode doesn’t store any information
- KeyCode only works on your registered device, along with your corresponding Business On Line User ID
- The app is registered to one individual user
- The Business On Line Administrator can lock a user’s profile (for example, if they go on holidays, etc.)
- If you download KeyCode, the app works offline with no need for an internet connection
- Read more about Bank of Ireland KeyCode here
*Winner of ‘Best Information Security Initiatives (Corporate/Institutional)’ in Western Europe, Global Finance Best Digital Bank Awards 2017
Daily Control Limit
- The administrator and your relationship manager will set a Daily Control Limit (DCL) on your Business On Line profile
- This limit means your profile is less likely to be exposed to fraud
Take Five CampaignFraud Alerts
- Phishing scam targeted at university students
The purpose of this alert is to raise awareness of a phishing scam targeted at students in UK universities.
The phishing campaign claims that the student has been awarded an educational grant as part of a student support programme. The email example below purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.
Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials.
Protection and Advice
- Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
- An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
- If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
- If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
- Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
- If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact the bank and report it to Action Fraud.
Don't Be Fooled CampaignTake Five Campaign
In 2015, £755 million was lost to financial fraud, but we can all help to lower this figure by remembering one simple action – to stop and think.
That’s why the Take Five campaign – led by Financial Fraud Action UK Ltd – is encouraging the nation to do just that; to take time to stop, step back and think before they act.
If you receive a request to hand over (or do something with) personal or financial information, you need to take a moment to reflect and step back from the situation. Yes, even if they say they’re the bank, police or another trusted organisation, you still need to take the time to stop and think about what’s really going on.
Because deep down, you probably already know these basic rules on how to beat financial fraud – you just need to take a deep breath and stay calm enough to remember them.
- Never disclose security details, such as your PIN or full banking password
- Don’t assume an email or phone call is authentic
- Don’t be rushed – a genuine organisation won’t mind waiting
- Listen to your instincts – you know if something doesn’t feel right
- Stay in control – don’t panic or make a decision you’ll regret
Take Five, a new national campaign led by Financial Fraud Action UK, is here to help you take action against the financial fraud that affects millions of people in the UK each year. If you think there has been fraud on your card or bank account – or if you suspect anyone has attempted to obtain your financial details – report it immediately to your bank or other financial services provider and then contact Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk.
For more information you can download the Take Five customer advice guide below or visit www.takefive-stopfraud.org.uk
Don't Be Fooled Campaign
Fraudsters may ask you to receive money into your bank account and transfer it into another account, keeping some of the cash for yourself. If you let this happen, you’re a money mule. You’re involved in money laundering, which is a crime.
You can be approached by fraudsters online or in person. They might post what looks like a genuine job ad, then ask for your bank details.
Once you become a money mule, it can be hard to stop. You could be physically attacked or threatened with violence if you don’t continue to let your account be used by criminals.
When you’re caught:
- Your bank account will be closed.
- You will find it hard to access further student loans.
- It will be difficult to get a mobile phone contract.
- You will have problems applying for credit.
- You could go to prison for up to 14 years.
Students can become money mules unwittingly. They might think they’re giving out their bank details for a genuine reason, then end up involved in money mule fraud.
Don’t Be Fooled. Follow this advice:
- Don’t give you bank account details to anyone unless you know and trust them.
- Be cautious of unsolicited offers of easy money. If it sounds too good to be true, it probably is.
- Research any company that makes you a job offer and make sure their contact details are genuine.
- Be wary of job offers from overseas. It will be harder for you to find out if they are legitimate.
- Be wary of job ads that are written in poor English, with grammatical errors and spelling mistakes.
For more information, visit the Money Mules website.