- How we protect you
- Fraud alerts
- Banking fraud control comparison data
- Take Five campaign
- Don’t be fooled campaign
- Our online banking websites are encrypted to protect your information
- They are also protected by a firewall (a barrier between the internet and our internal bank network)
- A secure browser is needed to access account information and transact
Logging on and Timing out
When you log on to Bank of Ireland 365 online, we’ll ask you for:
- A private and individual User ID
- 3 random digits from your 365 login PIN
- A personal detail question
This information is encrypted and will stay private if you don’t disclose it.
- For Business online customers, your last log on details will show when you log on. This means you’ll know if someone else has accessed your account online
- If you’re inactive for a while, your online banking session will automatically time out
Two Factor Authentication
- You need a Two Factor Authentication to add or edit a payee on 365 online
- We’ll text a code to your registered mobile phone, or send via post if you prefer
Protecting your business with Bank of Ireland KeyCode
- Business On Line uses the award-winning* Bank of Ireland KeyCode
- KeyCode generates unique, one-off codes you can use to log on to Business On Line and authorise payments and payees
- It replaces your logon passwords and means you don’t need a Digital Certificate or Java
Bank of Ireland KeyCode offers the following security benefits:
- You need a secure PIN to access the KeyCode app. This One Time Code is generated per transaction and expires when used, or after 60 secondsM
- KeyCode doesn’t store any information
- KeyCode only works on your registered device, along with your corresponding Business On Line User ID
- The app is registered to the individual User
- The Business On Line Administrator can lock a User’s profile (for example, if the User go on holidays, etc.)
- When you download KeyCode, the app works offline with no need for an internet connection
Read more about Bank of Ireland KeyCode here
Daily Control limit
- The Administrator and your relationship manager will set a Daily Control Limit (DCL) on your Business On Line profile
- This limit means your profile is less likely to be exposed to fraud
*Winner of ‘Best Information Security Initiatives (Corporate/Institutional)’ in Western Europe, Global Finance Best Digital Bank Awards 2017
- Romance scams
The UK has seen a rise in people falling victim to Romance scams during Lockdown. The rise comes as more people have turned to online dating during 2020 due to social distancing restrictions. The purpose of this Fraud Alert is to inform Bank of Ireland UK customers about Romance scams and how to protect yourself, your friends and family from Romance scams this Valentine’s Day.
New data from UK Finance reveals a 20 per cent increase in bank transfer romance fraud between January and November 2020 compared to the previous year, with the total value of these scams rising by 12 per cent to £18.5 million. The average loss per victim reported to UK Finance members was £7,850, highlighting the significant impact this type of fraud can have on victims’ finances.
What is a Romance scam?
A Romance scam is when a person is duped into sending money or gifts to a fraudster because they believe they are in a genuine relationship and are sending them to their ‘partner’.
Romance scams usually start with people meeting online; through dating websites or social media. Fraudsters often use fake profiles and spend a lot of time getting to know the victim to convince them that they are in a genuine relationship. Once the fraudster believes they have gained the victim’s trust they will ask for money or gifts that seem genuine; the fraudster could say they need money for emergency medical care, or to pay for travel costs if the victim lives overseas. There are numerous reasons, but the key is that money is requested, yet neither party have ever met.
What to look out for
When you are dating someone online, look out for the below alarm bells:- Requests for money or gifts from someone you have never met in person.
- Requests for your personal data (e.g. a copy of your passport to arrange travel).
- Does the person’s profile look genuine? You can complete a reverse image search to find if their profile picture has been taken from somewhere else.
When your friends or family are dating someone online, look out for the below warning signs:
- Being secretive about their relationship.
- Sending money or gifts to someone they have never met in person.
- Committing to someone very quickly, when they have not met in person.
Protect yourself
- Be cautious when providing your personal information. The more information you provide about yourself the easier it is for a fraudster to steal your identity.
- If you notice any of the above alarm bells don’t be pressured into transferring your money, or spending your money to buy gifts.
- Never reveal your banking information to anyone, including your account details, online banking information, card number & pin.
No matter how long you’ve been speaking to someone online and how much you think you trust them, if you have not met them in person it’s important that you do not:
- Send them any money
- Allow them access to your bank account
- Transfer money on their behalf
- Take a loan out for them
- Provide copies of your personal documents such as passports or driving licenses
- Invest your own money on their behalf or on their advice
- Purchase and send the codes on gift cards from Amazon or iTunes
- Agree to receive and/or send parcels on their behalf (laptops, mobile phones etc.)
We encourage you to #Take Five by following the below steps:
- Never disclose security details, such as your PIN or full banking password
- Don’t assume an email or phone call is authentic
- Don’t be rushed – a genuine organisation won’t mind waiting
- Listen to your instincts – you know if something doesn’t feel right
- Stay in control – don’t panic or make a decision you’ll regret.
Report Fraud
If you think you have been a victim of a Romance scam, do not feel ashamed or embarrassed – you are not alone. Contact us immediately on:- Northern Ireland
Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
365 Online: 0345 7 365 555 - Great Britain
365 Online: 0345 7 365 333 - Republic of Ireland
365 Online: 1890 365 200/ 0818 365 365 - Abroad
365 Online: +44 345 7365 555
365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.
To report suspicious Bank of Ireland related emails or texts, send the suspicious email or text to 365security@boi.com
If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.
- COVID-19 Vaccine Scam Alert
The purpose of this alert is to warn Bank of Ireland UK customers of a new scam circulating where fraudsters are using the COVID-19 vaccine rollout as an opportunity to try to steal your data.
Summary
Bank of Ireland UK have been informed that there is a new scam text message circulating in which fraudsters are posing to be from the NHS. The text message informs the recipient that they are eligible to apply for the COVID-19 vaccine and asks them to click on a link. The link takes the recipient to a fake NHS website and prompts them to enter their bank account details (including sort code, account number and card number) to verify their address. Please remember that the NHS, or your doctor would never ask you for this type of data.
An example of the scam text message is shown below.
We would like to remind our customers to remain vigilant against fraud. The above image is an example of a fraudulent text message that has been sent to an individual, however fraudsters will try to trick people by sending different variations of the same scam. Fraudsters also use different means of communication, other ways fraudsters may try to contact you is by email or telephone.
How to protect yourself
Suspicious texts (Smishing)
Fraudsters may send texts pretending to be from a company you trust. They target mobile users by sending texts with links to fraudulent websites to trick you into providing your online banking details or card details.
You should never:
- Click on or open suspicious links and attachments.
- Use a phone number provided in the text which could be fake.
- Respond to unsolicited text messages.
- Share your banking details, including your full online banking PIN, or other personal information if requested via text message.
If you have clicked on a suspicious link, call us as soon as possible on the phone numbers provided below.
Suspicious emails (Phishing)
Fraudsters sometimes send emails pretending to be from a company you trust, usually asking you to click on a link or open an attachment. The emails may seem genuine and convincing but are designed to trick you into sharing your personal information, such as your username, full PIN or credit card number. They will often make urgent threats and try to scare you into providing your details.
You should never:
- Click on or open suspicious links and attachments.
- Respond to unsolicited emails.
- Share your banking details or other personal information if requested via email.
- Use a phone number provided in the email which could be fake.
If you have clicked on a suspicious link, call us as soon as possible on the phone numbers provided below.
Suspicious calls (Vishing)
Fraudsters may contact you be telephone pretending to be calling from a company you trust. Be vigilant if you receive a phone call out of the blue. The fraudsters may claim that your account has been compromised and ask you for your bank card or bank account details.
You should never:
- Give away personal or banking information. No matter what story you are told, if it seems a bit odd or out of the blue, don’t give away your passwords, personal details or banking details.
- Use a phone number the suspicious caller gave you.
If you have accidentally shared your banking information over the phone and you are worried, call us as soon as possible on the phone numbers provided below. Fraudsters can stay on the line after you have finished the call, so either use a different phone to report the incident or wait a few minutes and then call someone you know first, so that you can be sure the fraudster has disconnected completely.
Further information
To find out more about fraudster Tactics, and what you can do to protect yourself please refer to the Fraudster tactics section of our website.
Report Fraud
If you suspect suspicious activity on your account, or if you have provided personal information in response to a suspicious email, text or telephone call, please contact us as soon as possible on the below contact numbers:
Northern Ireland
Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
365 Online: 0345 7 365 555Great Britain
365 Online: 0345 7 365 333Republic of Ireland
365 Online: 1890 365 200/ 0818 365 365Abroad
365 Online: +44 345 7365 555365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.
To report suspicious Bank of Ireland related emails or texts, send the suspicious email or text to 365security@boi.com
If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.
- Scam phone calls and fake text messages from fraudsters pretending to be from Bank of Ireland UK (BOIUK)
Fraudsters are contacting BOIUK customers either by phone (vishing) or by text (smishing) and gaining enough personal and bank information to make fraudulent payments from customer’s accounts.Scam Phone calls (Vishing)
Fraudsters are calling BOIUK customers pretending to be from a BOIUK fraud department. They claim that your account has been compromised and ask for your personal data, bank card or bank account details.What you can do
- Don’t give away personal or banking information. No matter what story you are told, if it seems a bit odd or out of the blue, don’t give away your passwords, personal details or banking details.
- If you receive a suspicious call, hang up and don’t call back any number the caller may have given you. Remember: Bank of Ireland will never ask for your full login PIN or full banking details over the phone.
- If you have accidentally shared your banking information over the phone and you are worried, call us immediately on one of our numbers listed below. Fraudsters can stay on the line after you have finished the call, so either use a different phone to report the incident or wait a few minutes and then call someone you know first, so that you can be sure the fraudster has disconnected completely.
Fake Text messages (Smishing)
Fraudsters are sending fake text messages to BOIUK customers pretending to be from us, the text messages can appear in your existing message feed with BOIUK, so they can be hard to identify. The text messages could have a link to a fake BOIUK website, or it could provide you with a fake telephone number to call. Customers are being asked to remain vigilant against fraud.Remember, Bank of Ireland UK will never:
- Send you a text or email with a link directly to the login page of our online banking channels to confirm banking details or ask you to update their banking details
- Ask you to click a link in an email with an urgent warning about suspicious activity on your account
- Ask you to transfer money out of your account to protect you from fraud
- Ask you to tell us any ‘one-time password’ or code that you have received from us by text
- Ask you to share or send us your full six-digit 365 PIN, four-digit card PIN or Business On Line credentials
- Ask you to send us back your bank card
For more information on how to protect yourself please refer to the Protect yourself link in our website.
Examples of smishing
Please see below some examples of smishing
For more smishing examples please refer to our gallery of phishing and smishing examples here.
Report Fraud
If you suspect suspicious activity on your account, or if you have provided personal information in response to a suspicious email, text or telephone call, please contact us as soon as possible on the below contact numbers:Northern Ireland
Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
365 Online: 0345 7 365 555
Business Online: 0345 309 8123Great Britain
365 Online: 0345 7 365 333
Business Online: 0345 309 8124Republic of Ireland
365 Online: 1890 365 200/ 0818 365 365
Business Online: 1890 818 265Abroad
365 Online: +44 345 7365 555
Business Online: +353 1 440 6445365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.
Business Online Opening hours: Monday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.
If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.
To report suspicious Bank of Ireland related emails or texts (both personal and business customers), send the suspicious email or text to 365security@boi.com
- Invoice Redirection Fraud (Business banking)
We have seen an increase in Invoice Redirection fraud in 2020.
Invoice Redirection fraud is where fraudsters pretend to be a supplier or service provider for your business in order to trick you into changing bank account payee details. They contact you to tell you that their bank account details have changed and to ask you to send all payments to a new account. This is an account controlled by the fraudster.
What to look out for
- The fraudsters may write to your company’s finance or payments department either on forged headed paper or by email, pretending to be one of your suppliers.
- Typically, they tell you that their account details have changed.
- The payee account may be located either in the UK or overseas.
- The fraudster may ask an employee in your company to either send a pending payment to the new account or, alternatively, to ensure that all future payments are sent to the new account.
What you can do
If a company requests a change of payment details, always follow these simple verification steps before making payments:
- Verify the change by contacting a known contact in the company directly, using contact details held on record, or by using a phone number displayed on the company’s website. Links or contact details contained in the email or letter requesting the change could be fraudulent. Don’t use them.
- Fraudsters may change an email address to make it look as though it has come from someone you are used to dealing with. Always check email addresses carefully.
- Regularly review supplier records to ensure they are up to date.
- Ensure that your employees are aware of this type of threat and how to avoid it.
- Contact us immediately if you receive a suspicious email or letter relating to payments or the Police if you think you have been the victim of fraud.
We encourage you to Take Five by following the below steps:
- Never disclose security details, such as your PIN or full banking password
- Don’t assume an email or phone call is authentic
- Don’t be rushed – a genuine organisation won’t mind waiting
- Listen to your instincts – you know if something doesn’t feel right
- Stay in control – don’t panic or make a decision you’ll regret.
Report Fraud
To report online fraud, suspicious activity on your account, or if you have provided personal information in response to a suspicious email, text or phone call.
Call us on:
Northern Ireland
Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
Business online: 0345 309 8123
Great Britain
Business Online: 0345 309 8124
Republic of Ireland
Business Online: 1890 818 265Abroad
Business Online: +353 1 440 6445
Business Online Opening hours: Monday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.To report suspicious Bank of Ireland related emails or texts (both personal and business customers), send the suspicious email or text to 365security@boi.com.
If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.
- Investment Scams with high interest returns
In the current low interest rate environment fraudsters are seizing the opportunity to take advantage of people by offering high interest returns on various investments particularly crypto-currency. Fraudsters can be very convincing, they may have created a professional and legitimate looking company website, but please always #Takefive when considering investing your money and remember, if it’s too good to be true it probably is.Common investment scams
Fraudsters target victims in several different ways so please always remain vigilant to prevent yourself becoming a victim of investments scams. Two common ways we have seen people become a victim of an investment scam in the current low interest rate environment are:
- Fraudsters are posing as legitimate firms and offering high interest returns. People fall victim to these scams when they are researching products with better returns; such as investments, bonds & bitcoin, they come across the fraudulent company online and invest their money with them.
- Fraudsters contact people offering an investment opportunity by telephone call, text message, email, letter or home visit. Often the fraudster will put you under pressure to commit to the investment opportunity quickly.
What to look out for
- The fraudster usually pressurises you into acting quickly and without thinking.
- The fraudster instructs you to make an urgent payment.
- The fraudster sends you a text message with a link to their fake website.
- The fraudster may promise an insurance or protection, saying your capital will be protected.
What you can do
Please always #takefive before investing your money into a new investment opportunity, some things you can do to check it the company you are investing with are legitimate are:
- Check the FCA Financial Services Register to check if the company/individual you have been corresponding with has permissions to provide the products/advice they are offering.
- Check the FCA Warning List to check if the investment opportunity is likely a scam.
- Check the FCA Unauthorised firms and individuals to identify if the company/individual you are corresponding with is unauthorised.
We encourage you to Take Five by following the below steps:
- Never disclose security details, such as your PIN or full banking password
- Don’t assume an email or phone call is authentic
- Don’t be rushed – a genuine organisation won’t mind waiting
- Listen to your instincts – you know if something doesn’t feel right
- Stay in control – don’t panic or make a decision you’ll regret.
Report Fraud
If you get a suspicious call or email, especially after sending a tweet to us, or if you notice any suspicious activity:- Terminate the call without providing any personal details or financial information.
- Do not respond to or click on any links in suspicious texts or emails.
- Never provide your full banking PIN to anyone.
- Report your concerns to 365security@boi.com (include the phone number, a screenshot of the text if possible, or forward the email).
You can also contact us on one of the emergency numbers below (do not use a phone number given to you in the text or email as this could be fake):
Northern Ireland
Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
365 Online: 0345 7 365 555
Business Online: 0345 309 8123Great Britain
365 Online: 0345 7 365 333
Business Online: 0345 309 8124Republic of Ireland
365 Online: 1890 365 200/ 0818 365 365
Business Online: 1890 818 265Abroad
365 Online: +44 345 7365 555
Business Online: +353 1 440 6445365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.
Business Online Opening hours: Monday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.
If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.
In 2015, £755 million was lost to financial fraud, but we can all help to lower this figure by remembering one simple action – to stop and think.
That’s why the Take Five campaign – led by UK Finance – is encouraging the nation to do just that; to take time to stop, step back and think before they act.
If you receive a request to hand over (or do something with) personal or financial information, you need to take a moment to reflect and step back from the situation. Yes, even if they say they’re the bank, police or another trusted organisation, you still need to take the time to stop and think about what’s really going on.
Because deep down, you probably already know these basic rules on how to beat financial fraud – you just need to take a deep breath and stay calm enough to remember them.
- Never disclose security details, such as your PIN or full banking password
- Don’t assume an email or phone call is authentic
- Don’t be rushed – a genuine organisation won’t mind waiting
- Listen to your instincts – you know if something doesn’t feel right
- Stay in control – don’t panic or make a decision you’ll regret
Take Five, a new national campaign led by UK Finance, is here to help you take action against the financial fraud that affects millions of people in the UK each year. If you think there has been fraud on your card or bank account – or if you suspect anyone has attempted to obtain your financial details – report it immediately to your bank or other financial services provider and then contact Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk.
For more information you can download the Take Five customer advice guide below or visit www.takefive-stopfraud.org.uk
You can be approached by fraudsters online or in person. They might post what looks like a genuine job ad, then ask for your bank details.
Once you become a money mule, it can be hard to stop. You could be physically attacked or threatened with violence if you don’t continue to let your account be used by criminals.
When you’re caught:
- Your bank account will be closed.
- You will find it hard to access further student loans.
- It will be difficult to get a mobile phone contract.
- You will have problems applying for credit.
- You could go to prison for up to 14 years.
Students can become money mules unwittingly. They might think they’re giving out their bank details for a genuine reason, then end up involved in money mule fraud.
Don’t Be Fooled. Follow this advice:
- Don’t give you bank account details to anyone unless you know and trust them.
- Be cautious of unsolicited offers of easy money. If it sounds too good to be true, it probably is.
- Research any company that makes you a job offer and make sure their contact details are genuine.
- Be wary of job offers from overseas. It will be harder for you to find out if they are legitimate.
- Be wary of job ads that are written in poor English, with grammatical errors and spelling mistakes.
For more information, visit the Money Mules website.