Security Zone

At Bank of Ireland UK we understand how important the security of your accounts and confidentiality of your information is.

Keeping customers’ accounts and information secure is a top priority for us, but it is also important for you to protect yourself from fraudsters.  
Top Tips Report Concerns

Report Concerns

If you suspect you have received a fraudulent email, text or call or have been asked to provide your personal or banking information (username, pin, etc.) in an unusual manner, such as by pop-up or web page, report it immediately. Do not reply to or follow any of the instructions provided, regardless of how genuine they may appear.


  • To report debit card lost or stolen

    Call us on:

    LOCATION NUMBER
    Great Britain / Northern Ireland: 0345 309 8099/ 0289 031 0303
    Republic of Ireland: 1890 706 706
    Outside these locations: +353 567 757 007

    24 hours, 7 days a week



  • To report ATM fraud

    Call us on:

    LOCATION NUMBER
    Great Britain / Northern Ireland: 0345 309 8099/ 0289 031 0303
    Republic of Ireland: 1890 706 706
    Outside these locations: +353 567 757 007

    24 hours, 7 days a week


How to Protect Yourself

How to Protect Yourself

Keeping customers’ accounts and information secure is a top priority for us, but it is also important for you to know how to protect your own security as you go about your day-to-day activities.


  • Online and Mobile Banking

    The internet has made banking much more accessible and convenient. With online or mobile banking being used every day, there are precautions you need to take to ensure that you enjoy the safest banking experience possible.

    • Never reveal your online banking login information to anyone. In particular your full online banking PIN.
    • Ensure you are not being overlooked. When entering passwords or PINs into online accounts in a public place, shield your screen and ensure no one is overlooking you or trying to distract you.
    • Monitor your accounts on a regular basis. Check for suspicious transactions. If you do find anything suspicious, Report it.
    • Monitor your list of online payees on a regular basis. Treat any unexpected requests to change or update your payee details with caution and verify that the request has come from a legitimate source.
    • Always logout completely from your online banking session. Select the log out button rather than just closing the website or app.
    • Use secure websites (https). When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
      – The web address (URL) has changed from ‘http’ to ‘https’.
      – That a closed padlock icon is present.
      – Your browser address window may be green.



  • Email

    Email is an excellent communication tool and also a useful way to stay informed about new products and services. However, email is sometimes used to deliver unwanted material. Always be cautious when sending or receiving emails, particularly if you are sending any personal details or arranging financial transactions.

    Fraudulent Emails:

    Fraudsters sometimes send emails pretending to be from a reputable company in an attempt to acquire personal information (e.g. username, PIN, credit card number etc.). This is known as phishing. Some email scams have become much more sophisticated and are personalised in order to target certain people. These emails are personally addressed, well-written and look and sound professional. This is knows as spear phishing.

    What to look for:

    OMI005423_balance Check for misspellings or unfamiliar sender addresses.
    OMI005423_balance Unexpected emails which claim to come from a financial institution.
    OMI005423_balance Urgent requests and threats.
    OMI005423_balance Claims that your account has been compromised.
    OMI005423_balance Requests to “Open an Attachment” or “Click a Link”.

    Tips:

    • Be suspicious of unsolicited emails. Listen to your instincts. If something doesn’t feel right then stop and question it.
    • Never reveal your banking details or other personal information if requested via email.
    • Check links in emails are legitimate by ‘hovering’ your mouse over the link to view the web address (URL) without clicking. If it is different to what you were expecting, do not click.
    • Consider having different email addresses for different purposes; one for your bank to use, another for family and friends and perhaps a different address for online newsletters.

    How to report a suspicious email:

    • Call the sender to verify they sent the email. If possible use a number in a directory or on their website rather than the same number contained in the email.
    • Do not reply to the email, fill out any forms or follow any of the instructions specified.
    • Do not click on any links as they may try to direct you to fake websites.
    • Do not open attachments as they may infect your computer with malicious software.
    • Forward suspicious emails claiming to be from Bank of Ireland to 365security@boi.com and then delete.

    Your email address can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from Bank of Ireland, this does not mean that your email address, name, or any other information has been gathered from Bank of Ireland’s systems.

    Examples of Phishing emails and what to look out for:



  • Phone

    Telephone fraud is becoming increasingly common. Sometimes fraudsters try to trick you into divulging personal and confidential information, including bank account details, over the phone. This is known as ‘Vishing’. The fraudulent text message equivalent to this is known as ‘Smishing’. Fraudsters may claim to be from a reputable organisation or claim that your account has been compromised and that action is required.

    Bank of Ireland will never ask you to transfer money to a new account so ignore such calls or texts.

    When in doubt about the legitimacy of a call or text claiming to be from Bank of Ireland, report it and do not act on it unless confirmed to be genuine.

    Tips:

    • Criminals who have called your landline can stay on the line for up to 5 minutes, even after you have hung up. Wait at least 10 minutes after hanging up. Then, to ensure that the fraudsters have disconnected, call someone you know before using the phone again or use a different line to report the incident to the Bank.
    • Sometimes fraudsters make phone calls, claiming to be from a reputable IT organisation, to offer assistance. Never allow a cold caller to take remote access of your computer.
    • Never respond to suspicious text messages or click on links contained within. These links may lead to malicious content. Send a screenshot of the suspicious text to 365security@boi.com and then delete it.



  • Passwords

    The use of strong passwords is essential in order to protect your information and identity. The best security in the world is useless if a fraudster has access to a legitimate username and password.

    Strong passwords can take years to crack; weak passwords can be cracked in less than 5 minutes.

    What makes a strong Password?

    • More than 8 characters. Having a long and complex password makes it difficult for hackers to decipher.
    • Varied. Random words made up of a combination of upper and lowercase letters, numbers and symbols.
    • Unique. Avoid using the same password across multiple accounts. It would only take one successful attack for all your information to be stolen.
    • Easy for you to remember. But difficult for someone to guess (avoid birthdays, pet names etc.).

    Password Suggestions:

    • Replace letters with numbers and symbols. Use a movie title or character you like. For example SP!D3Rm@n – a variation of Spiderman.
    • A line of a song. One that other people would not associate with you- fly1ngw1Th0Utw!nGs!
    • A phrase known to you. “Consider yourself at home” and take the first character from each word- CYAH. Then combine this with numbers and symbols- C.2!Y64a?H@

    Create your own unique password using these tips (Don’t use these examples!)

    Tips:

    • Use finger print detection for mobile devices and use a PIN with more than 4 numbers where possible.
    • Never share your usernames or passwords.
    • Never allow web browsers (e.g. Google Chrome, Internet Explorer) to remember your passwords- you put your information at risk.



  • Public Wi-Fi

    Wireless networks have changed the way we use computers and mobile devices at home in the office and on the move. ‘Public’ wireless networks or hotspots mean that we can get online in places like cafés, hotels and parks. While this is very convenient, there is a security risk associated with it.

    When you access public Wi-Fi, you can never be sure who has set up the network and, more importantly, you don’t know who is connected to it. Malicious users could intercept anything you are doing online including capturing your passwords and reading private emails.

    Tips:

    • Use 3G or 4G instead of public Wi-Fi when entering personal information where possible.
    • If you see anything suspicious while using public Wi-Fi, report your concerns to the manager of the organization providing access to the Wi-Fi service.
    • Avoid installing any system or application updates on your mobile phone or computer whilst using public Wi-Fi.



  • Protecting your Device

    There are a number of potential threats online and you need to ensure that you properly protect your devices- mobiles, tablets, laptops or PCs. This will help safeguard against your device being infected with malicious software and from potentially serious consequences such as fraud and identity theft.

    • Ensure you have up-to-date anti-virus software in place on your devices. Schedule regular checks on your computer system.
    • Keep the software on your device up-to-date. Install the latest software update as soon as possible. You will normally receive a prompt to update.
    • When downloading apps, go directly to a legitimate source. For example use the official App store or the Play store. Be cautious when downloading apps accessed by clicking on a link.
    • In the event your device is lost or stolen, most smart phones & tablets have a capability to be remotely wiped. This will prevent sensitive information from falling into the wrong hands.
    • Secure access to your device. Use a strong PIN, password, passcode or fingerprint detection to access your device.
    • Ensure to clear all information on your device before selling it.
    • Know how to recognise the signs that your computer may have become infected (including but not limited to the following):
      • Applications that don’t work properly.
      • Date of last login doesn’t match the date you last logged in.
      • System slows down, freezes or crashes.
      • Unusual error messages.
      • Your browser toolbar changes.
      • System performance deteriorates unexpectedly.
      • An increase in the number of files on the system when nothing has been added by you.
      • Printing does not work correctly.
      • Distortion on screen.
      • File size changes for no apparent reason.
    • If you suspect that your device may be infected. Do not log on to any online banking channels until any malicious software has been removed.



  • Shopping Online

    The ability to shop, bank, book travel and make payments online has transformed our daily lives. However, these transactions are sometimes targeted by fraudsters. Most reputable organisations make it as safe as possible for customers to conduct business with them online. Today’s cybercriminals are highly skilled at creating fake websites, and persuading consumers to divulge sensitive information and make payments.

    Consider these simple steps to shop online with confidence.

    Is the website safe?

    • Always go directly to the site or access it via a search engine (e.g. Google, Bing) first. Never follow links on websites or in emails if you are suspicious.
    • Ensure the web address is what you expected (e.g. check for incorrect spelling).
    • When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
      • The web address (URL) has changed from ‘http’ to ‘https’.
      • A closed padlock icon is present.
      • Your browser address window may be green.

    • Always ensure you are buying only from reputable retailers, whether from personal experience or trustworthy recommendations. If it is not a well-known shopping site, do some research and look for independent reviews rather than trusting testimonials on the site itself.



  • Social Media

    Social media has changed the way we communicate. However, the more information you post online, the more you put yourself at risk of becoming a potential target for fraudsters. For example, if a fraudster obtains your full birth date and place of birth, they could try to use this information to access your accounts.

    What goes online stays online

    To protect yourself and your information, care must be taken when using social media.

    • Privacy and security settings. Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and to manage your online experience in a positive way. Do not rely on default settings.
    • Keep personal information personal.Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a fraudster to use that information for malicious purposes.
    • Make passwords long and strong. See the Passwords section for more information.
    • When in doubt, throw it out. Links in messages, tweets, posts, and online advertising may contain malicious content. Even if you think you know the source, if something looks suspicious delete it.

    For more information see Identity Theft.



  • Card & ATM Safety

    As with all financial transactions, please use discretion when using your card or an automated teller machine (ATM).

    Card Safety

    • Where possible, avoid letting your card out of sight when using it to pay for goods and services.
    • When making a contactless payment, ensure you check that the amount you are paying is correct before tapping your card on the payment device.
    • Always cover your card PIN when entering it on the keypad.
    • Do not choose a card PIN that might be easily guessed e.g. your date of birth, numbers in descending or ascending order, e.g 5432 or 1234, or four of the same numbers 1111.
    • Don’t reveal any of your banking details such as your card number, PIN or full password if requested by email or over the phone.
    • When shopping online, verify that you have accessed a legitimate website before entering card details. See Shopping Online for more information.

    ATM Safety

    • Be aware of your physical surroundings, ensure no one is trying to distract you or look over your shoulder.
    • Check that there are no obvious signs that the ATM has been tampered with or damaged.
    • Check that other people in the queue are at a reasonable distance behind you.
    • Shield the keypad with your hand to prevent hidden cameras or people from capturing your PIN.
    • Never reveal your PIN to anyone.
    • Use ATM machines which are in clear view and well lit, if suspicious, walk away.
    • If your card is retained by an ATM report it immediately.
    • Keep the Bank of Ireland lost or stolen card phone number in your mobile phone contacts.



  • Identity Theft

    Identity theft occurs when someone steals your personal information and uses it to impersonate you. They can carry out fraudulent activity such as trying to access your bank accounts, opening a credit card account in your name or getting payment from a supplier.

    How to reduce your risk of Identity Theft

    • Be careful when posting personal information online, including on social media. The more information you post online about yourself the easier it may be for a fraudster to steal your identity.
    • Never give your card PIN to anyone
    • Cancel lost or stolen credit and debit cards immediately
    • Lock all valuable documents away. Ensure they are in a secure place.
    • Ensure to clear all information on your device before selling it
    • Shred confidential information. Always shred any confidential information such as bank statements or cheque books before you throw them away.
    • Inform all service providers promptly when moving address. Set up a mail forwarding arrangement with the Post Office.


How to Protect Your Business

How to Protect Your Business

Your security is a top priority for us but there are also steps that are important for you to take to protect the security of your business assets.

Follow some simple tips to protect your business from fraud:


  • Safety for Business

    When logging on to Business On Line, we will only ever ask you to enter your username and password. If you see anything unusual when logging on, please contact the Business On Line Helpdesk immediately.

    • Never share your Business On Line Administrator or User password.
    • Monitor your bank accounts regularly. Check for suspicious activity on your account. If you find anything suspicious, or if something doesn’t feel right, report it.
    • Treat any unexpected requests to change payee or supplier’s bank account details with caution. Always check directly with a known contact in the company requesting the change before authenticating the changes and sending payment.
    • Ensure you are accessing a legitimate site. Never follow a link that brings you directly to the log in page of 365 online or Business On Line. Always go directly to the site by typing the web address into your browser or access it via a reputable search engine e.g Google.
    • Use secure websites(https). When entering login details or personal information be sure that the web page you are viewing offers encryption of your data by checking:
      • The web address (URL) has changed from ‘http’ to ‘https’.
      • A closed padlock icon is present.
      • Your browser address window may be green.



  • Email Safety

    Business Email Fraud

    By posing as senior executives, fraudsters have stolen millions from organisations across the globe through business email fraud. These schemes usually target companies working with foreign suppliers and companies that regularly perform wire transfers.

    To avoid spam filters, the emails in these schemes are not mass-emailed. Instead, they are sent to only a few employees—usually employees who regularly perform wire transfers, like financial directors or accountants. These emails are well crafted, often using spoofed email addresses and logos to look more credible. This is known as spear phishing.

    The fraudsters conduct extensive research to make their emails more believable. They will try to determine who is involved in wire transfers and wait for the perfect opportunity, like a change in leadership, to send the emails.

    The most common type of business email fraud are:

    • CEO Fraud/Business Email Compromise: An email from a senior leader, whose account has been compromised, to another employee in the organisation often containing an urgent payment request.
    • Bogus Invoice Scheme: An imitated supplier invoice email is sent requesting a change in payment details. See more in Invoice Redirection Fraud.
    • Payment Request Emails: An employee’s account is compromised and payment requests are sent by the fraudster to suppliers in their address book.

    CEO Fraud/Business Email Compromise

    This usually arises following the compromise of a senior (up to and including the CEO) employee’s email.

    How to Recognise a CEO Fraud/Business Email Compromise:

    • The fake email looks like it has come from an executive’s genuine address.
    • Typically, it is addressed to a colleague instructing that a high value payment is made to a supplier or creditor, and usually includes the payee details, including the IBAN.
    • The sender usually advises in the email that they will not be available for the following number of hours or days.

    How to Protect Yourself:

    • Don’t issue payment instructions to anyone via email, only by secure encrypted means.
    • Don’t accept payment instructions that have been issued to you via email.
    • Don’t use a phone number quoted in the suspicious email; verify the contact internally before making any payment.
    • Notify the Bank and Police immediately if you receive a suspicious email.

    Tips:

    Remember to always be cautious of unexpected emails:

    • Be skeptical of urgent requests that do not follow typical company procedures and policies.
    • Always verify that the email is from the real sender. If the sender is a senior leader in your company, call them directly no matter how senior they are, or one of their colleagues. If the sender is from another organisation, call a known contact in the company making the request before acting on it.
    • Look carefully at where links are taking you. Some phishers include links to websites with addresses/domain names that are only slightly different to genuine sites. E.ghttp://www.bankoireland.com.bank



  • Identity Theft

    Identity theft occurs when someone steals your personal information and uses it to impersonate you. They can carry out fraudulent activity such as trying to access your bank accounts, opening a credit card account in your name or getting payment from a supplier.

    How to reduce your risk of Identity Theft

    • Be careful when posting personal information online, including on social media. The more information you post online about yourself the easier it may be for a fraudster to steal your identity.
    • Never give your PIN to anyone.
    • Cancel lost or stolen credit or debit cards immediately.
    • Lock all valuable documents away. Ensure they are in a secure place
    • Ensure to clear all information on your device before selling it.
    • Shred confidential information. Always shred any confidential information such as bank statements or cheque books before you throw them away.
    • Inform all service providers promptly when moving address. Set up a mail forwarding arrangement with the Post Office



  • Protecting your Business Network

    You need to ensure that you properly protect your devices- mobiles, tablets, laptops or PCs. This will help safeguard against your device being infected with malicious software and from potentially serious consequences such as fraud and identity theft.

    • Ensure you have up-to-date anti-virus software in place on your devices. Schedule regular checks on your computer systems.
    • Keep the software on your device up-to-date. Install the latest software update as soon as possible. You will normally receive a prompt to update.
    • Turn on your computer firewall. Or install and enable one if none exists. Check your computer settings and ‘help’ section.
    • If your device is lost or stolen. Most smart phones and tablets have a capability to be wiped remotely. This will prevent any sensitive information falling into the wrong hands.
    • Know how to recognise the signs that your computer may have become infected (including but not limited to the following):
      • Applications that don’t work properly.
      • Date of last login doesn’t match the date you last logged in.
      • System slows down, freezes or crashes.
      • Unusual error messages.
      • Your browser toolbar changes.
      • System performance deteriorates unexpectedly.
      • An increase in the number of files on the system when nothing has been added by you.
      • Printing does not work correctly.
      • Distortion on screen.
      • File size changes for no apparent reason.
    • If you suspect that your device may be infected Do not log on to any online banking channels until any malicious software has been removed.



  • Ransomware

    Ransomware is one of the biggest cyber threats today. Most commonly, users receive an email claiming to be from a legitimate company, containing malicious content. The ransomware runs when the user opens a malicious attachment or clicks on a link in the email. It then encrypts every file on the user’s device and on any fileshare they are connected to. Once the encryption process is finished, a blocking screen appears ordering the user to pay a ransom in order to regain access to their files. If the user does not pay the ransom on time, all files may be lost.

    How to Protect Yourself and your business:

    • Do not click suspicious links or download unsolicited email attachments.
    • If you receive an email from a known sender, but with an unusual link or attachment, contact them first to confirm the legitimacy of the email.
    • If you receive a suspicious email in relation to your Bank of Ireland accounts, forward it as an attachment to 365security@boi.com immediately.
    • Be careful when accessing websites; do not click on advertisements, as they could contain malicious software.
    • Update your anti-virus software and operating systems regularly.
    • Ensure your files are regularly backed up. This is usually done centrally within a company.
    • Apply security patches as soon as possible after they become available from your technology providers.
    • Ensure you have a firewall enabled, to protect your technology from the internet.
    • If you think you have been the victim of a ransomware attack and your data files have become infected, the general advice from law enforcement agencies is not to pay the ransom.
    • It is also advised that you disconnect infected computers from your business network immediately to stop the spread of infection to other computers in your network.
    • Contact your security service provider if you have one, or seek professional advice from a security service provider.



  • Invoice Redirection Fraud

    This scam usually involves a genuine invoice being intercepted and the payee account details being altered. As a result, the payment is transferred to a fraudulent account.

    How it Works:

    • Having researched the target company, and their suppliers, criminals may write to the company’s finance department on forged headed paper, or by email, pretending to be the supplier.
    • Typically, they will advise of a change in supplier account details.
    • The payee account may be located either in UK or overseas.
    • The company is asked to either send a payment now to the new account, or alternatively, to ensure that all future payments are sent to the new account.

    How to Protect Yourself:

    • If a company requests a change of payment details, always confirm the change with them before making payments. Verify the change by contacting a known contact in the company directly if possible, or by using a phone number displayed on the company’s website. Do not follow links or use the same contact details contained in the email requesting the change without verifying them.
    • Typically, such requests are made via email. Fraudsters may change an email address to make it look as though it has come from someone you are used to dealing with. Always check email addresses carefully.
    • Don’t issue any payments in response to unconfirmed requests.
    • Fraudsters sometimes find information regarding contracts and suppliers on the victim organisation’s own websites. Consider whether it is necessary to publish information of this type in the public domain.
    • Contact the bank immediately if you receive a suspicious email or letter, and contact the police.



  • Phone Fraud

    Telephone fraud is becoming increasingly common. Sometimes fraudsters try to trick you into divulging personal and confidential information, including bank account details, over the phone. This is known as ‘Vishing’. The fraudulent text message equivalent to this is known as ‘Smishing’. Fraudsters may claim to be from a reputable organisation or claim that your account has been compromised and that action is required.

    Bank of Ireland will never ask you to transfer money to a new account so ignore such calls or texts.

    When in doubt about the legitimacy of a call or text claiming to be from Bank of Ireland, report it and do not act on it unless confirmed to be genuine.

    Tips:

    • Criminals who have called your landline can stay on the line for up to 5 minutes, even after you have hung up. Wait at least 10 minutes after hanging up. Then, to ensure that the fraudsters has disconnected, call someone you know before using the phone again or use a different line to report the incident to the Bank.
    • Sometimes fraudsters make phone calls, claiming to be from a reputable computer firm, to offer assistance. Never allow a cold caller to take remote access of your computer.
    • Never respond to suspicious text messages or click on links contained within. These links may lead to malicious content. Never respond to suspicious text messages or click on links contained within. These links may lead to malicious content. Send a screenshot of the suspicious text to 365security@boi.com and then delete it.



  • Remote Access Fraud

    Fraudsters will sometimes cold call companies claiming to be from a reputable computer firm.

    The caller may offer:

    • To fix, upgrade or protect your computer from running slowly.
    • To upgrade your service for internet connections, devices or phone lines.

    The caller may ask you to log on to your online banking and then they ask you to allow them remote access to your computer to “assist with the issue”. Fraudsters may also ask for banking, card, security or other personal details in order to get access to your bank accounts.

    How to Protect Yourself:

    • Never give control of a computer remotely to a third party who calls unexpectedly.
    • Don’t disclose full personal or security details to an unsolicited caller.
    • Don’t disclose your Visa Debit or credit card details, Fraudsters can spoof caller ID numbers to make it look as though they are calling from somewhere legitimate.
    • Never transfer money based on an instruction from a cold caller, no matter what story you are told. Always check the proposed transaction with your bank beforehand.
    • Never log on to your online banking while the third party is connected to your device.



  • Cheque Overpayment

    Fraudsters sometimes target legitimate sellers of goods or services by posing as new customers and making an order.

    The fraudster typically pays the seller a higher amount than agreed by cheque or bank draft in a bank branch (even if an online payment has been discussed). The fraudster then asks the seller to return all or some of the payment online as quick as possible.

    While the seller is pressurised to return the money, the original cheque or bank draft, which is usually forged, counterfeit or fraudulently altered in some way, will be rejected and not paid. However, the money returned will have been paid directly into the fraudster’s account.

    How to Protect Yourself:

    • Don’t make any refunds until you are satisfied that a genuine payment has been received into your account. If in doubt, refer to your local branch.
    • Always carry out appropriate due diligence when dealing with a new customer, particularly those who require an immediate refund due to overpayment being sent to you.
    • If you are concerned you have been targeted by an overpayment scam, immediately contact Bank of Ireland UK and report to Police.


How We Protect You

How We Protect You

Our banking sites use an encryption system to protect your banking information at all times.

When logging on to Bank of Ireland 365 online we will ask you to provide your own private and individual User ID and 365 PIN in conjunction with a personal detail question. This information is encrypted during transmission and will remain a secret as long as you do not disclose it.

Bank of Ireland 365 online requires the use of a secure browser to access account information and perform transactions.

The bank is protected by a firewall, which forms a barrier between the outside Internet and the internal bank network.

Payee details will appear on screen and in the receipt which you can print off when the bank confirms your instruction to make a funds transfer or pay a bill.

After a period of inactivity your current session on the web site will automatically timeout. To restart your session, all you have to do is re-enter your User ID, PIN and password at the login screen.

Fraud Alerts

Fraud Alerts

  • Customer data breach at Wonga

    We are aware of a recently publicised customer data incident involving Wonga.

    We are working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

    We have received information from Wonga on customers who may have been affected by this incident and will provide advice to them on how to keep their Bank accounts safe.

    We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

  • Phishing scam targeted at university students

    The purpose of this alert is to raise awareness of a phishing scam targeted at students in UK universities.

    The phishing campaign claims that the student has been awarded an educational grant as part of a student support programme. The email example below purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.

    Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials.

    Protection and Advice

    • Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
    • An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
    • If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
    • If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
    • Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
    • If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact the bank and report it to Action Fraud. 

  • Fake PC Support Calls

    The Bank wishes to alert customers and members of the public to a scam that is currently active in the marketplace.

    Consumers are receiving telephone calls from persons claiming to be security engineers from a major computer company (they’re not!), or working on behalf of a major international computer company (they don’t), to tell them they have a virus on their computer (not true!).

    Key Points:

    • Consumers are cold called by someone claiming to be from a computer firm and told there is a problem with their computer and offering help to solve the computer problems.
    • Once the caller has gained the consumer’s trust, they ask the consumer to log onto a website to download a file to help solve the problem, or
    • The caller may ask the consumer to allow them online access to the consumer’s PC so that they can run a quick scan.  Having done so, many victims report seeing the cursor on screen being manipulated by the caller as he/she configures the consumer’s PC.
    • The caller will then ask for the victim’s credit card details in order to ‘purchase’ a software package which will fix the virus.  They also potentially attempt to steal from the victim by accessing personal information on their computer.  In addition to gaining access to personal details, they can also infect the computer with damaging viruses and spyware.

    Detail:

    Customers and members of the public are encouraged to treat all such unsolicited phone calls with scepticism and not to provide any personal banking information (including Credit Card details) to anyone over the phone or online in response to these calls.

    Anyone who receives an unsolicited call from a person claiming to be from a computer firm or a PC Repair business should hang up.  Legitimate business firms do not make these kinds of calls.

    Police intelligence suggests that such calls originate from Asia and Africa and the phone numbers quoted are usually fake.  It is believed that auto-dial machines are being used to perpetrate this scam and this has resulted in both customers and businesses (including bank branches) receiving these bogus calls.

    Action:

    If you receive a call from one of these fraudsters,

    1. DO HANG UP,
    2. DO NOT give these callers online access to your PC,
    3. DO NOT give these callers your Credit Card details,
    4. DO keep your anti-virus software up to date.

    If you suspect fraud has occurred on your Bank of Ireland UK Credit Card, customers can contact 0345 309 8099, option 1.

  • Customer data breach at Vodafone

    Bank of Ireland UK is aware of a recently publicised customer data incident involving Vodafone.

    We are working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

    We have received information from Vodafone on a very small number of customers who may have been affected by this incident and will provide advice to them on how to keep their Bank accounts safe.

    We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

  • Customer data breach at Talk Talk

    Bank of Ireland UK is aware of a recently publicised customer data breach at Talk Talk and is working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

    We are awaiting information from Talk Talk on customers who may have been affected by this data breach and will provide advice on how to keep their Bank accounts safe.

    We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

    Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

  • Businesses warned of new spoof email scam

    Businesses are being warned of a new email scam in which fraudsters impersonate a senior member of their company to deceive staff into transferring money.

    The scam involves a criminal sending an email to a member of staff in a company’s finance department which appears to be from a senior colleague, such as the finance director or chief executive, according to intelligence reported to Financial Fraud Action UK. Fraudsters use software which manipulates the characteristics of an email, including the sender address, so that it looks genuine. This means the spoof email appears in the recipient’s inbox in just the same way as a regular email from the same contact. The email requests that an urgent payment is made outside of normal procedures, often giving a pressing reason such as the need to secure an important contract. However, the account to which the payment is made is in fact controlled by the fraudster. Upon receipt of the funds, the money is then quickly withdrawn.

    Fraudsters have also hacked the genuine email accounts of senior staff, often on web-based services, before sending the fraudulent emails.

    Criminals use publicly available information to gain knowledge of target companies, such as the names of senior staff.

    Advice on avoiding this scam:

    • Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.
    • Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process.
    • Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.
    • Ensure email passwords are robust.
    • Consider whether the email contains unusual language or is written in different style to other emails from the sender.

    Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

  • Customer data breach at Carphone Warehouse

    Bank of Ireland UK is aware of a recently publicised customer data breach at Carphone Warehouse and is working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

    We have recently written to some customers whose information may have been affected by this data breach, and provided advice on how to keep their Bank accounts safe.

    We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

    Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

  • Boiler room investor fraud

    The Bank wishes to alert Customers and members of the public to the threat of share sale fraud – more commonly known as Boiler Room scams.

    Share sale, boiler room, hedge fund or bond fraud involves bogus brokers, usually based overseas, cold calling people to pressure them into buying shares that promise high returns or whose share price is about to ‘go through the roof’. In reality, the shares are either worthless or non-existent.

    Boiler room fraudsters are highly trained and use ‘hard sell’ techniques to pressurize investors into making rushed decisions to buy shares which are of little or no value.

    If you deal with a share sale fraudster or Boiler Room you’ll almost certainly lose the money you’ve invested and you won’t have any right to claim compensation under the Financial Services Compensation Scheme, as the Boiler Room firm is NOT AUTHORISED as an investment firm by the Financial Conduct Authority.

    Key points:

    Most Boiler Room scams start with an UNSOLICITED phone call, in which a professional sounding ‘stockbroker’ offers you a fantastic investment opportunity.

    These salespeople are persistent and are trained in dealing with any objections or questions, they specialize in using high pressure ‘hard sell’ tactics in order to persuade victims to agree to buy shares, they will often claim that by agreeing to buy the shares you have ‘entered into a contract’ to do so.

    They will urge you to be discreet and not to tell anyone else about the deal, this enables them to continue cold calling hundreds of other potential victims while the scam is running.

    In order to appear legitimate, firms will often have websites which look professional, they may provide official-looking documentation and share certificates, all these are ultimately worthless.

    As most Boiler Rooms are based overseas you will be asked to send your “investment” by International Payment, you will probably never get any money back.

    Remember: if it looks too good to be true, it probably is!

    Advice for Customers:

    If you receive an UNSOLICITED call from a person who offers you an opportunity to invest in shares HANG UP.

    Genuine UK investment firms are authorised by the Financial Conduct Authority. If you wish to check whether a firm is authorised you may do so on their website:

    http://www.fca.org.uk/firms/systems-reporting/register

    If in doubt, refer your query to a Qualified Financial Advisor who is known to you – explaining why you are concerned.

    If you think you may have been duped by a boiler room scam you should report it to the Financial Conduct Authority and to the Police.

    Recovery Fraud:

    People who have lost money on Boiler Room scams may subsequently find themselves being targeted in a ‘recovery room’ fraud, where the victim receives a call from a firm who will claim that they can help to recover the lost investment monies.

    This however, is simply another part of the boiler room scam and the ‘recovery’ firm will request upfront payment of substantial fees before they handle your case, again this is just another way of scamming more money from victims.

  • Archive

    Please see below for details on recent fraud alerts.

    Fraudsters using spoof bank texts in a new scam

    The Press Office of Financial Fraud Action UK have put together a SMS Spoofing scam alert on behalf of the banking industry, this was released to the public on 9th June and the media coverage of the alert has been extensive and very successful. This fraud alert is to make customers aware of this new scam.

    Key Points:

    • Criminals are using spoof text messages which appear to be sent from their victim’s bank in a bid to steal personal or financial information.
    • The scam text messages claim that there has been fraud on the recipient’s account or that the account details need to be updated.
    • The texts encourage people to call a number or visit a website, often claiming the matter is urgent. However the telephone number or website is actually controlled by the fraudster, enabling them to steal security details which can be used to access the victim’s bank account and steal money.
    • To make the texts seem authentic, fraudsters use specialist software which alters the sender ID on a message so that it appears with the name of a bank as the sender. This can mean that the text becomes included within an existing text message thread on the recipient’s phone.
    • Through a second route the fraudsters take, the texts warn that the recipient will soon receive a call from their bank’s fraud department. However it is actually the fraudster that then calls the victim and attempts to trick them into revealing their full security details.
    • Intelligence also suggests that fraudsters are sending scam texts which appear to be from a landline number, asking the recipient simply to call their bank. This is in the hope that the victim will phone the number from which the text was sent, which is controlled by the fraudster, rather than the bank’s regular customer service telephone number.

    Advice:

    Financial Fraud Action UK’s advice on how to avoid becoming a victim of this scam:

    • Be suspicious of any text message that asks you to provide sensitive personal information, passwords or to make transactions.
    • If you’re asked to call the number given in the text message and the number is unknown to you or suspicious, call your bank on a number that you trust – such as the one on the back of your card – to check the number and message is authentic.
    • Do not call the phone number a text message has been sent from; instead call your bank on a number that you trust.

    Remember your bank will never:

    • Phone you to ask for your 4-digit card PIN or your online banking password, even by tapping them into the telephone keypad.
    • Ask you update your personal details by following a link in a text message.
    • Tell you over the phone how to respond to a text message confirming a transaction.
    • Ask you to transfer money to a new account for fraud reasons, even if they say it is in your name.

    Malicious Software

    The National Crime Agency ‘NCA’ (UK) recently issued an alert in relation to Malicious Software (Malware). This arises from the identification and shut-down by international Law Enforcement authorities of over 1m compromised computers (a ‘botnet’). The Agency is advising the public that they have two weeks before hackers regroup and recommence their criminal activities against unsuspecting and unprotected computer users.

    The authorities indicate that if your computer does not run Windows, then this alert may not apply directly to you. Other problems might though, and in order to keep yourself protected, you should always keep your antivirus up to date.

    Advice (particularly for Windows users)

    You can protect yourself by:

    • Making sure security software is installed on your PC and is kept updated by running scans
    • Check that your computer operating systems and applications are up to date
    • Regularly back up all your files, especially Word, Excel and Powerpoint documents along with your Photos and any other items you would not like to lose. Store this information securely (encrypted) in a separate storage device
    • Do not open attachments in emails unless you are 100% certain that they are authentic

    For further information Get Safe Online is providing advice, guidance and tools on its website at www.getsafeonline.org/nca

    Pension Liberation

    Purpose of Memo:

    The Bank wishes to alert customers and members of the public to a scam that is currently active.

    Detail:

    Pension Liberation also known as ‘pension loans’ and ‘pension scam’ is a transfer of a scheme member’s pension savings to an arrangement that will allow them to access their funds before the age of 55. But accessing pension savings before minimum pension age is only possible in rare cases, like terminal illness.

    Pension Liberation can result in tax charges and penalties of more than half the value of a member’s pension savings, and those being targeted are usually not being told about the potential tax implications. This is in addition to high charges, typically 20 to 30% for entering into one of these arrangements and high risk investments for the remaining pension savings.

    Warning signs

    • Unsolicited contact
    • Transfer of funds overseas
    • Attempts to access pension before the age of 55
    • Copy of documentation has not been provided to member
    • Member encouraged to carry out transfer quickly
    • Receiving scheme not registered/newly registered with relevant Revenue authority
    • Member informed there is a legal loophole

    Action:

    The pension Regulator’s five steps to avoid becoming a victim:

    1. Never give out financial or personal information to a cold caller
    2. Check the credentials of the company and any advisers – who should be registered with the appropriate regulatory authority, e.g. the Financial Conduct Authority.
    3. Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then
    4. Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice
    5. Never be rushed into agreeing to a pension transfer

    For further information on Pension Liberation see:

    Scam Calls

    Purpose of Memo:

    The Bank wishes to alert customers and members of the public to a scam that is currently active in the Irish marketplace.

    Key Points:

    • It has come to our attention that there has been a marked increase in fraudulent calls to mobile phones in recent weeks.
    • The phone number on the incoming call appears to begin with “+4212/60”. The distinguishing characteristic of the caller’s number is the inclusion of the forward slash.
    • While recipient experience in taking the calls varies, answering a call from this number always results in a premium rate charge appearing on the customer’s bill.

    Action:

    Law enforcement intelligence advises everyone to be cognisant of the issues surrounding unsolicited calls from unknown numbers and to be vigilant in this regard.

    Fraud against the elderly

    Elderly people can be particularly at risk from bogus traders/callers who set out to gain their confidence before taking financial advantage of them.

    Typically these people call door-to-door and offer to carry out works such as replacing roof tiles, mending guttering, decorating or they ‘convince’ the victim that repairs are necessary. Some of these people carry out a little work and charge exorbitant amounts of money for their service. In many cases the work is unnecessary. On completing the work in a very short time, they then demand substantial payment often using threatening and intimidating tactics. In some instances, they offer to drive the victim to the bank to withdraw the cash.

    Always remember:

    • You should never leave strangers, even bona fide workers, unsupervised in your home
    • Never engage a person who insists on cash payments for services offered. Most reputable traders will not ask for money up front. Always use a method of payment which is traceable
    • Never sign a blank form for any reason – it could cost you dearly

    Money Mules (Job vacancies)

    Money mules are people recruited by criminals to help transfer fraudulently obtained money from bank accounts. Fraudsters contact prospective victims with ‘job vacancy’ adverts on the internet, on job search websites or in newspapers. These jobs are usually advertised as ‘Financial Manager’ or ‘Payments Clerk’ with no other requirement than having a bank account. The mule accepts the ‘job’ in good faith and does not suspect that they are being duped into involvement in criminal activity. Once recruited a Money mule receives stolen funds into their account, followed by a request to forward the funds, minus their commission, usually overseas, using a wire transfer service.

    Always remember:

    • Thoroughly research any work-from-home offer and do not get involved unless you are sure the business is legitimate
    • If a job sounds too good to be true, then it probably is

    Lottery Fraud

    Another scam currently being carried out by various groups of international fraudsters involves victims being contacted by email in which they are advised that they have won the lottery. No ticket purchase was necessary – according to the scammers. The victim is encouraged to pay a fee before the ‘winning’ lottery cheque is handed over. This scheme is a fraud and you should not become involved or communicate with them in any way as these winnings do not exist.

Take Five Campaign

Take Five Campaign

In 2015, £755 million was lost to financial fraud, but we can all help to lower this figure by remembering one simple action – to stop and think.

That’s why the Take Five campaign – led by Financial Fraud Action UK Ltd – is encouraging the nation to do just that; to take time to stop, step back and think before they act.

If you receive a request to hand over (or do something with) personal or financial information, you need to take a moment to reflect and step back from the situation. Yes, even if they say they’re the bank, police or another trusted organisation, you still need to take the time to stop and think about what’s really going on.

Because deep down, you probably already know these basic rules on how to beat financial fraud – you just need to take a deep breath and stay calm enough to remember them.

  1. Never disclose security details, such as your PIN or full banking password
  2. Don’t assume an email or phone call is authentic
  3. Don’t be rushed – a genuine organisation won’t mind waiting
  4. Listen to your instincts – you know if something doesn’t feel right
  5. Stay in control – don’t panic or make a decision you’ll regret

Take Five, a new national campaign led by Financial Fraud Action UK, is here to help you take action against the financial fraud that affects millions of people in the UK each year. If you think there has been fraud on your card or bank account – or if you suspect anyone has attempted to obtain your financial details – report it immediately to your bank or other financial services provider and then contact Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk.

For more information www.takefive-stopfraud.org.uk