Fraud alerts

Read about ways in which fraudsters have attempted to gain information from individuals and what you can do to help prevent yourself falling victim from these or similar scams.

• Investment Scam
  
  We are aware of an investment scam circulating where fraudsters are contacting customers by telephone and email, claiming to be from Bank of Ireland UK offering information on investments. Bank of Ireland UK does not offer investment services. The callers are offering a range of bonds. The fraudsters have added features to their emails and documents in an attempt to make them look genuine; for example the fraudsters have added a link in their email signature to the genuine Bank of Ireland UK website.

  Please always remain vigilant and check independently the authenticity of any company that have approached you to make investments of any type. You can check the FCA Warning List for firms to avoid. Learn more by visiting the FCA website for guidance on how to avoid investment scams.

  Here are two examples of the emails that were sent to potential victims:

  • 
  • 

  Report Concerns

  • If you get a suspicious call or email, especially after sending a tweet to us, or if you notice any suspicious activity:
  • Terminate the call without providing any personal details or financial information.
  • Do not respond to or click on any links in suspicious texts or emails.
  • Never provide your full banking PIN to anyone.
  • Report your concerns to 365security@boi.com (include the phone number, a screenshot of the text if possible, or forward the email).
  • You can also contact us on one of the emergency numbers below (do not use a phone number given to you in the text or email as this could be fake):

  Great Britain & Northern Ireland
  Freephone: 0800 121 7790 (for 365 & Credit Card customers)

  Great Britain & Northern Ireland
  Freephone: 08000 321 288 (for BOL & Global Market customers)

  Republic of Ireland
  Freephone: 1800 946 764 (Personal and Business)

  Everywhere outside Republic of Ireland, Great Britain & Northern Ireland
  Not Freephone + 353 5677 57007

  We encourage you to Take Five by following the below steps:

  1. Never disclose security details, such as your PIN or full banking password
  2. Don’t assume an email or phone call is authentic
  3. Don’t be rushed – a genuine organisation won’t mind waiting
  4. Listen to your instincts – you know if something doesn’t feel right
  5. Stay in control – don’t panic or make a decision you’ll regret.

• Coronavirus related scams
  
  COVID-19 Alert
  On 24th March 2020 the UK Government sent the entire nation a SMS regarding Covid19. The message was unexpected and contained a link to the exceptions from staying at home.

  We are aware that criminals have dropped a message into the same message thread about fines for leaving home. Please never click on links in text messages and forward any suspicious text messages to 7726 to support the mitigation and disruption of new attacks.

  COVID-19 related scams

  Fraudsters are exploiting the spread of COVID-19 coronavirus to facilitate various types of fraud and cybercrime.

  Reports were made by victims that attempted to purchase protective face masks from fraudulent sellers and also coronavirus-themed phishing emails in an attempt to trick people into opening malicious attachments or revealing personal and financial details.

  Watch out for scam messages:
  Don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for your personal or financial details.

  Shopping online:
  If you’re making a purchase from a company or person you don’t know and trust, carry out some research first, and ask a friend or family member for advice before completing the purchase. If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases.

  For more information on how to shop online safely, please visit: https://www.actionfraud.police.uk/shoponlinesafely

  Protect your devices from the latest threats:
  Always install the latest software and app updates to protect your devices from the latest threats.

  For information on how to update your devices, please visit:
  https://www.ncsc.gov.uk/guidance/securing-your-devices

  For information about Coronavirus please visit:
  https://www.nhs.uk/conditions/coronavirus-covid-19/
  

• Phishing scam targeted at university students
  
  The purpose of this alert is to raise awareness of a phishing scam targeted at students in UK universities.

  The phishing campaign claims that the student has been awarded an educational grant as part of a student support programme. The email example below purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.

  Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials.

  

  Protection and Advice

  • Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
  • An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
  • If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
  • If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
  • Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
  • If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact the bank and report it to Action Fraud.

• Fake PC Support Calls
  
  The Bank wishes to alert customers and members of the public to a scam that is currently active in the marketplace.

  Consumers are receiving telephone calls from persons claiming to be security engineers from a major computer company (they’re not!), or working on behalf of a major international computer company (they don’t), to tell them they have a virus on their computer (not true!).

  Key Points:

  Consumers are cold called by someone claiming to be from a computer firm and told there is a problem with their computer and offering help to solve the computer problems.

  Once the caller has gained the consumer’s trust, they ask the consumer to log onto a website to download a file to help solve the problem, or

  The caller may ask the consumer to allow them online access to the consumer’s PC so that they can run a quick scan. Having done so, many victims report seeing the cursor on screen being manipulated by the caller as he/she configures the consumer’s PC.

  The caller will then ask for the victim’s credit card details in order to ‘purchase’ a software package which will fix the virus. They also potentially attempt to steal from the victim by accessing personal information on their computer. In addition to gaining access to personal details, they can also infect the computer with damaging viruses and spyware.

  Detail:

  Customers and members of the public are encouraged to treat all such unsolicited phone calls with scepticism and not to provide any personal banking information (including Credit Card details) to anyone over the phone or online in response to these calls.

  Anyone who receives an unsolicited call from a person claiming to be from a computer firm or a PC Repair business should hang up. Legitimate business firms do not make these kinds of calls.

  Police intelligence suggests that such calls originate from Asia and Africa and the phone numbers quoted are usually fake. It is believed that auto-dial machines are being used to perpetrate this scam and this has resulted in both customers and businesses (including bank branches) receiving these bogus calls.

  Action:

  If you receive a call from one of these fraudsters,

  1. DO HANG UP,
  2. DO NOT give these callers online access to your PC,
  3. DO NOT give these callers your Credit Card details,
  4. DO keep your anti-virus software up to date.

  If you suspect fraud has occurred on your Bank of Ireland UK Credit Card, customers can contact 0345 309 8099, option 1.
  

• Business warned of new spoof email scam
  
  Businesses are being warned of a new email scam in which fraudsters impersonate a senior member of their company to deceive staff into transferring money.

  The scam involves a criminal sending an email to a member of staff in a company’s finance department which appears to be from a senior colleague, such as the finance director or chief executive, according to intelligence reported to Financial Fraud Action UK. Fraudsters use software which manipulates the characteristics of an email, including the sender address, so that it looks genuine. This means the spoof email appears in the recipient’s inbox in just the same way as a regular email from the same contact. The email requests that an urgent payment is made outside of normal procedures, often giving a pressing reason such as the need to secure an important contract. However, the account to which the payment is made is in fact controlled by the fraudster. Upon receipt of the funds, the money is then quickly withdrawn.

  Fraudsters have also hacked the genuine email accounts of senior staff, often on web-based services, before sending the fraudulent emails.
  Criminals use publicly available information to gain knowledge of target companies, such as the names of senior staff.

  Advice on avoiding this scam:

  • Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.
  • Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process.
  • Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.
  • Ensure email passwords are robust.
  • Consider whether the email contains unusual language or is written in different style to other emails from the sender.

  Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

• Boiler room investor fraud
  
  The Bank wishes to alert Customers and members of the public to the threat of share sale fraud – more commonly known as Boiler Room scams.

  Share sale, boiler room, hedge fund or bond fraud involves bogus brokers, usually based overseas, cold calling people to pressure them into buying shares that promise high returns or whose share price is about to ‘go through the roof’. In reality, the shares are either worthless or non-existent.

  Boiler room fraudsters are highly trained and use ‘hard sell’ techniques to pressurize investors into making rushed decisions to buy shares which are of little or no value.

  If you deal with a share sale fraudster or Boiler Room you’ll almost certainly lose the money you’ve invested and you won’t have any right to claim compensation under the Financial Services Compensation Scheme, as the Boiler Room firm is NOT AUTHORISED as an investment firm by the Financial Conduct Authority.

  Key points:

  Most Boiler Room scams start with an UNSOLICITED phone call, in which a professional sounding ‘stockbroker’ offers you a fantastic investment opportunity.

  These salespeople are persistent and are trained in dealing with any objections or questions, they specialize in using high pressure ‘hard sell’ tactics in order to persuade victims to agree to buy shares, they will often claim that by agreeing to buy the shares you have ‘entered into a contract’ to do so.

  They will urge you to be discreet and not to tell anyone else about the deal, this enables them to continue cold calling hundreds of other potential victims while the scam is running.

  In order to appear legitimate, firms will often have websites which look professional, they may provide official-looking documentation and share certificates, all these are ultimately worthless.

  As most Boiler Rooms are based overseas you will be asked to send your “investment” by International Payment, you will probably never get any money back.

  Remember: if it looks too good to be true, it probably is!

  Advice for Customers:

  If you receive an UNSOLICITED call from a person who offers you an opportunity to invest in shares HANG UP.

  Genuine UK investment firms are authorised by the Financial Conduct Authority. If you wish to check whether a firm is authorised you may do so on their website:

  http://www.fca.org.uk/firms/systems-reporting/register

  If in doubt, refer your query to a Qualified Financial Advisor who is known to you – explaining why you are concerned.

  If you think you may have been duped by a boiler room scam you should report it to the Financial Conduct Authority and to the Police.

  Recovery Fraud:

  People who have lost money on Boiler Room scams may subsequently find themselves being targeted in a ‘recovery room’ fraud, where the victim receives a call from a firm who will claim that they can help to recover the lost investment monies.

  This however, is simply another part of the boiler room scam and the ‘recovery’ firm will request upfront payment of substantial fees before they handle your case, again this is just another way of scamming more money from victims.
  

Archive

Banking fraud control comparison data

• Fraud prevention philosophy
  
  What is our approach to fraud prevention?

  Keeping customers’ accounts secure is a top priority for us, but it is also important for you to protect yourself from fraudsters. The safety of our colleagues and customers is always a top priority for the bank. Our Security teams work round the clock to ensure our bank is a safe place to work, with plans, processes and controls in place to protect our customer’s finances.

  What controls do you have in place / How do we protect you?

  Online Security

  Our websites are encrypted to protect your information.
  Please use a secure browser to access account information and transact.
  Our websites are protected by a firewall (a barrier between the internet and our internal bank network).

  When you log on to Bank of Ireland 365 online, we’ll ask you for:

  • A private and individual User ID
  • 3 random digits from your 365 login PIN
  • A personal detail question

  This information is encrypted and will stay private if you don’t disclose it.

  Two factor authentication

  • You need a Two Factor Authentication to add or edit a payee on 365 online
  • We’ll text a code to your registered mobile phone, or send via post if you prefer

  Protecting your business with Bank of Ireland award-winning* KeyCode. It has many features and benefits including:

  • Unique, one-off codes you can use to log on to Business On Line and authorise payments and payees
  • You need a secure PIN to access the KeyCode app. This One Time Code is generated per transaction and expires when used, or after 60 seconds
  • KeyCode only works on your registered device, along with your corresponding Business On Line User ID
  • The app is registered to one individual user.

  Daily Control Limit

  • The administrator and your relationship manager will set a Daily Control Limit (DCL) on your Business On Line profile
  • This limit means your profile is less likely to be exposed to fraud.

  Winner of ‘Best Information Security Initiatives (Corporate/Institutional)’ in Western Europe, Global Finance Best Digital Bank Awards 2017
  

• Customer education and awareness
  
  What do you do to educate your customers to ensure they are fully aware of the latest fraud trends / advice?

  We reach our customers in several ways:

  Online & Social Media
  A wide range of Security and Fraud information is available within our Security Zone area on Bank of Ireland UK website. It’s specifically designed to highlight current scams and types of fraud along with measures you can take to help protect yourself.

  We have information about Fraud Alerts on a range of topics including Data Breaches, Phishing, Money Mules, Boiler Room Scams, and CEO fraud.
  We are supporters of the national Take Five campaign that offers straight forward and impartial advice to help everyone to protect themselves from preventable financial fraud.

  Educational content is sent within statement emails and our members are provided with fraud prompts on the Internet Bank and Banking App.
  We regularly post on the Social media platforms material concerning fraud.

  We also provide general guidance on How to Protect Yourself Online with information about Anti-virus software, operating systems, browsers and firewalls.

  Our ATMs carry fraud warnings particularly to guard against prying eyes when entering a PIN.

  Branch
  All our branches have fraud education material available and staff are trained to ask the right questions to help detect scams when processing payments. Branch colleagues are trained to identify fraud and victims of fraud, and provide bespoke advice including invocation of the Banking protocol. There are frequent communications delivered to branch colleagues raising the awareness of fraud and scams.

  All Bank of Ireland UK colleagues have to complete annual mandatory training which covers a broad spectrum of fraud education.
  

• Contact
  
  How and when we would contact our customers

  We will contact our customers using email, phone calls, text messages and by letter. Customers should always take the necessary precaution to ensure they are talking to who they think they are.

  We also utilise various security controls and offer guidance for identifying malicious contact on our website.

  Examples of the controls / guidance we offer include;

  One-time passcodes – When we need to verify who you are, we’ll send a unique code to the mobile you gave us when you opened your account.
  The text will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what this code is other than a Bank ABC colleague. If someone asks for the code but for a different reason than is stated in the text message, you shouldn’t answer them.
  If you get a one-time passcode message you’re not expecting, give us a call on 0345 309 8099

  Text Alerts – If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message.
  While we may ask you to reply to messages, we’ll never:

  • Include a link to a log in page
  • Ask for your complete security number, password, or card number
  • Ask you for answers to your security questions

  If you’re not sure whether a text or email is genuine, give us a call on 0345 309 8099

  How and when can our customers contact us regarding fraud/ fraud prevention?

  If you believe you are a victim or fraud, or you require any fraud prevention advice customers can contact us 24 hours a day. Our contact numbers can be found here.
  

• How we collaborate with the rest of the industry
  
  Industry initiatives/ collaboration

  • We are members of UK Finance and take an active part in all Industry Fraud initiatives.
  • We are members of CIFAS – The UK Fraud Prevention Service.
  • We contribute to the funding of the DCPCU. The DCPCU is a national police unit formed between the City of London Police, the Metropolitan Police Service, UK Finance and the Home Office.
  • We share fraud intelligence with the rest of the banking industry and law enforcement to protect our customers.
  • We are a signatory to the Take Five Charter which provides our customers with up to date advice on fraud prevention.
  • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rouge traders.
  • We work with other banks to quickly recover fraudulent funds for our customers.

• Summary
  
  We are the Partnership Bank.
  We provide simple, flexible, financial services to UK customers both directly and through partnerships with well-known UK brands. Technology is making it quicker and easier to stay on top of your finances wherever and whenever you want. As more of our customers choose to use new ways of banking such as phone, tablet or computer, we’re committed to keeping their accounts and information secure
  

• Complete Banking Fraud Control Comparison Data
  
  For the complete Banking Fraud Control Comparison Data, please click here.
  

Take Five campaign

In 2015, £755 million was lost to financial fraud, but we can all help to lower this figure by remembering one simple action – to stop and think.

That’s why the Take Five campaign – led by UK Finance – is encouraging the nation to do just that; to take time to stop, step back and think before they act.

If you receive a request to hand over (or do something with) personal or financial information, you need to take a moment to reflect and step back from the situation. Yes, even if they say they’re the bank, police or another trusted organisation, you still need to take the time to stop and think about what’s really going on.

Because deep down, you probably already know these basic rules on how to beat financial fraud – you just need to take a deep breath and stay calm enough to remember them.

1. Never disclose security details, such as your PIN or full banking password
2. Don’t assume an email or phone call is authentic
3. Don’t be rushed – a genuine organisation won’t mind waiting
4. Listen to your instincts – you know if something doesn’t feel right
5. Stay in control – don’t panic or make a decision you’ll regret

Take Five, a new national campaign led by UK Finance, is here to help you take action against the financial fraud that affects millions of people in the UK each year. If you think there has been fraud on your card or bank account – or if you suspect anyone has attempted to obtain your financial details – report it immediately to your bank or other financial services provider and then contact Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk.

For more information you can download the Take Five customer advice guide below or visit www.takefive-stopfraud.org.uk

Take Five customer advice guide Download

Don't be fooled campaign

Fraudsters may ask you to receive money into your bank account and transfer it into another account, keeping some of the cash for yourself. If you let this happen, you’re a money mule. You’re involved in money laundering, which is a crime.

You can be approached by fraudsters online or in person. They might post what looks like a genuine job ad, then ask for your bank details.

Once you become a money mule, it can be hard to stop. You could be physically attacked or threatened with violence if you don’t continue to let your account be used by criminals.

When you’re caught:

• Your bank account will be closed.
• You will find it hard to access further student loans.
• It will be difficult to get a mobile phone contract.
• You will have problems applying for credit.
• You could go to prison for up to 14 years.

Students can become money mules unwittingly. They might think they’re giving out their bank details for a genuine reason, then end up involved in money mule fraud.

Don’t Be Fooled. Follow this advice:

• Don’t give you bank account details to anyone unless you know and trust them.
• Be cautious of unsolicited offers of easy money. If it sounds too good to be true, it probably is.
• Research any company that makes you a job offer and make sure their contact details are genuine.
• Be wary of job offers from overseas. It will be harder for you to find out if they are legitimate.
• Be wary of job ads that are written in poor English, with grammatical errors and spelling mistakes.

For more information, visit the Money Mules website.