How we protect you Fraud alerts

Fraud alerts

Read about ways in which fraudsters have attempted to gain information from individuals and what you can do to help prevent yourself falling victim from these or similar scams.

  • Invoice Redirection Fraud (Business banking)

    We have seen an increase in Invoice Redirection fraud in 2020.

    Invoice Redirection fraud is where fraudsters pretend to be a supplier or service provider for your business in order to trick you into changing bank account payee details. They contact you to tell you that their bank account details have changed and to ask you to send all payments to a new account. This is an account controlled by the fraudster.

    What to look out for

    • The fraudsters may write to your company’s finance or payments department either on forged headed paper or by email, pretending to be one of your suppliers.
    • Typically, they tell you that their account details have changed.
    • The payee account may be located either in the UK or overseas.
    • The fraudster may ask an employee in your company to either send a pending payment to the new account or, alternatively, to ensure that all future payments are sent to the new account.

    What you can do

    If a company requests a change of payment details, always follow these simple verification steps before making payments:

    • Verify the change by contacting a known contact in the company directly, using contact details held on record, or by using a phone number displayed on the company’s website. Links or contact details contained in the email or letter requesting the change could be fraudulent. Don’t use them.
    • Fraudsters may change an email address to make it look as though it has come from someone you are used to dealing with. Always check email addresses carefully.
    • Regularly review supplier records to ensure they are up to date.
    • Ensure that your employees are aware of this type of threat and how to avoid it.
    • Contact us immediately if you receive a suspicious email or letter relating to payments or the Police if you think you have been the victim of fraud.

    We encourage you to Take Five by following the below steps:

    1. Never disclose security details, such as your PIN or full banking password
    2. Don’t assume an email or phone call is authentic
    3. Don’t be rushed – a genuine organisation won’t mind waiting
    4. Listen to your instincts – you know if something doesn’t feel right
    5. Stay in control – don’t panic or make a decision you’ll regret.

    Report Fraud

    To report online fraud, suspicious activity on your account, or if you have provided personal information in response to a suspicious email, text or phone call.

    Call us on:
    Northern Ireland
    Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
    Business online: 0345 309 8123
    Great Britain
    Business Online: 0345 309 8124
    Republic of Ireland
    Business Online: 1890 818 265

    Abroad
    Business Online: +353 1 440 6445
    Business Online Opening hours: Monday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.

    To report suspicious Bank of Ireland related emails or texts (both personal and business customers), send the suspicious email or text to 365security@boi.com.

    If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.

  • Christmas Shopping Fraud aware

    Christmas shopping creates the busiest time of year for retail, due to Covid-19 this year a lot of people will be doing their Christmas Shopping online. Fraudsters will try to take advantage of this so we are reminding our customers to take extra care when doing their Christmas shopping online this year.

    What to look out for

    Is the website safe?

        • Always go directly to the site or access it via a search engine (e.g. Google, Bing) first. Never follow links on websites or in emails if you are suspicious.
        • Ensure the web address is what you expected (e.g. check for incorrect spelling).
        • When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
          • The web address (URL) has changed from ‘http’ to ‘https’.
          • A closed padlock icon is present.
          • Your browser address window may be green.
          • Always ensure you are buying only from reputable retailers, whether from personal experience or trustworthy recommendations. If it is not a well-known shopping site, do some research and look for independent reviews rather than trusting testimonials on the site itself.
        1. Use a guaranteed payment method such as PayPal when shopping online.
        2. If it looks too good to be true, it probably is.
        3. Always view large purchases in person prior to paying for them.

        Fraudster Tactics
        Fraudsters will try to contact people by email, text, phone, social media and home visits with an aim of scamming you into giving them your money. Please refer to the Protect yourself section of our website to find out more about how you can identify suspicious activity, and what you can do to protect yourself.

        We encourage you to Take Five by following the below steps:

        1. Never disclose security details, such as your PIN or full banking password
        2. Don’t assume an email or phone call is authentic
        3. Don’t be rushed – a genuine organisation won’t mind waiting
        4. Listen to your instincts – you know if something doesn’t feel right
        5. Stay in control – don’t panic or make a decision you’ll regret.

        Report Fraud
        If you get a suspicious call or email, especially after sending a tweet to us, or if you notice any suspicious activity:

        • Terminate the call without providing any personal details or financial information.
        • Do not respond to or click on any links in suspicious texts or emails.
        • Never provide your full banking PIN to anyone.
        • Report your concerns to 365security@boi.com (include the phone number, a screenshot of the text if possible, or forward the email).

        You can also contact us on one of the emergency numbers below (do not use a phone number given to you in the text or email as this could be fake):

        Northern Ireland
        Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
        Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
        365 Online: 0345 7 365 555
        Business Online: 0345 309 8123

        Great Britain
        365 Online: 0345 7 365 333
        Business Online: 0345 309 8124
        Lost/Stolen cards: 0800 121 7790 (24 hours, 7 days a week)

        Republic of Ireland
        365 Online: 1890 365 200/ 0818 365 365
        Business Online: 1890 818 265
        Lost/Stolen cards: +353 5 6775 7007 (24 hours, 7 days a week)

        Abroad
        365 Online: +44 345 7365 555
        Business Online: +353 1 440 6445
        Lost/Stolen cards: +353 5 6775 7007 (24 hours, 7 days a week)

        365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.

        Business Online Opening hoursMonday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.

        If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.

  • Investment Scams with high interest returns

    In the current low interest rate environment fraudsters are seizing the opportunity to take advantage of people by offering high interest returns on various investments particularly crypto-currency. Fraudsters can be very convincing, they may have created a professional and legitimate looking company website, but please always #Takefive when considering investing your money and remember, if it’s too good to be true it probably is.

    Common investment scams

    Fraudsters target victims in several different ways so please always remain vigilant to prevent yourself becoming a victim of investments scams. Two common ways we have seen people become a victim of an investment scam in the current low interest rate environment are:

    1. Fraudsters are posing as legitimate firms and offering high interest returns. People fall victim to these scams when they are researching products with better returns; such as investments, bonds & bitcoin, they come across the fraudulent company online and invest their money with them.
    2. Fraudsters contact people offering an investment opportunity by telephone call, text message, email, letter or home visit. Often the fraudster will put you under pressure to commit to the investment opportunity quickly.

    What to look out for

    • The fraudster usually pressurises you into acting quickly and without thinking.
    • The fraudster instructs you to make an urgent payment.
    • The fraudster sends you a text message with a link to their fake website.
    • The fraudster may promise an insurance or protection, saying your capital will be protected.

    What you can do

    Please always #takefive before investing your money into a new investment opportunity, some things you can do to check it the company you are investing with are legitimate are:

    We encourage you to Take Five by following the below steps:

    1. Never disclose security details, such as your PIN or full banking password
    2. Don’t assume an email or phone call is authentic
    3. Don’t be rushed – a genuine organisation won’t mind waiting
    4. Listen to your instincts – you know if something doesn’t feel right
    5. Stay in control – don’t panic or make a decision you’ll regret.

    Report Fraud
    If you get a suspicious call or email, especially after sending a tweet to us, or if you notice any suspicious activity:

    • Terminate the call without providing any personal details or financial information.
    • Do not respond to or click on any links in suspicious texts or emails.
    • Never provide your full banking PIN to anyone.
    • Report your concerns to 365security@boi.com (include the phone number, a screenshot of the text if possible, or forward the email).

    You can also contact us on one of the emergency numbers below (do not use a phone number given to you in the text or email as this could be fake):

    Northern Ireland
    Freephone (Personal accounts): 0800 121 7790 (24 hours, 7 days a week).
    Freephone (Business accounts): 0800 032 1288 (24 hours, 7 days a week).
    365 Online: 0345 7 365 555
    Business Online: 0345 309 8123

    Great Britain
    365 Online: 0345 7 365 333
    Business Online: 0345 309 8124

    Republic of Ireland
    365 Online: 1890 365 200/ 0818 365 365
    Business Online: 1890 818 265

    Abroad
    365 Online: +44 345 7365 555
    Business Online: +353 1 440 6445

    365 Opening hours: Monday-Friday: 8am-8pm, Saturday: 9am-5pm, Bank and Public holidays: 10am-5pm, Sunday: Closed.

    Business Online Opening hours: Monday-Friday 8am-6pm. Closed Saturday, Sunday, Bank and Public holidays.

    If we need to contact you about a potential fraud on your account, we will do this via a secure channel including, but not limited to, SMS or email.

  • Investment scam

    We have become aware on the 7th July of an investment scam circulating where fraudsters are contacting customers by telephone and email, claiming to be from Bank of Ireland UK offering information on investments. Bank of Ireland UK does not offer investment services. The callers are offering a range of bonds from many well-known investments providers primarily, but not limited to, Tesco Bank. The fraudsters have added features to their emails and documents in an attempt to make them look genuine; for example the fraudsters have added a link in their email signature to the genuine Bank of Ireland UK website and have included our genuine FCA registration number.

    Please always remain vigilant and check independently the authenticity of any company that have approached you to make investments of any type. You can check the FCA Warning List for firms to avoid. Learn more by visiting the FCA website for guidance on how to avoid investment scams.

    Here are two examples of the emails that were sent to potential victims:

    Report Concerns

    If you get a suspicious call or email, especially after sending a tweet to us, or if you notice any suspicious activity:

    • Terminate the call without providing any personal details or financial information.
    • Do not respond to or click on any links in suspicious texts or emails.
    • Never provide your full banking PIN to anyone.
    • Report your concerns to 365security@boi.com (include the phone number, a screenshot of the text if possible, or forward the email).
    • You can also contact us on one of the emergency numbers below (do not use a phone number given to you in the text or email as this could be fake):

    Great Britain & Northern Ireland
    Freephone: 0800 121 7790 (for 365 & Credit Card customers)

    Great Britain & Northern Ireland
    Freephone: 08000 321 288 (for BOL & Global Market customers)

    Republic of Ireland
    Freephone: 1800 946 764 (Personal and Business)

    Everywhere outside Republic of Ireland, Great Britain & Northern Ireland
    Not Freephone + 353 5677 57007

    We encourage you to Take Five by following the below steps:

      1. Never disclose security details, such as your PIN or full banking password
      2. Don’t assume an email or phone call is authentic
      3. Don’t be rushed – a genuine organisation won’t mind waiting
      4. Listen to your instincts – you know if something doesn’t feel right
      5. Stay in control – don’t panic or make a decision you’ll regret.

  • Coronavirus related scams

    Fraudsters are exploiting the spread of COVID-19 coronavirus to facilitate various types of fraud and cyber crime.

    Reports were made by victims that attempted to purchase protective face masks from fraudulent sellers and also coronavirus-themed phishing emails in an attempt to trick people into opening malicious attachments or revealing personal and financial details.

    Watch out for scam messages:
    Don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for your personal or financial details.

    Shopping online:
    If you’re making a purchase from a company or person you don’t know and trust, carry out some research first, and ask a friend or family member for advice before completing the purchase. If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases.

    For more information on how to shop online safely, please visit: https://www.actionfraud.police.uk/shoponlinesafely

    Protect your devices from the latest threats:
    Always install the latest software and app updates to protect your devices from the latest threats.

    For information on how to update your devices, please visit:

    https://www.ncsc.gov.uk/guidance/securing-your-devices

    For information about Coronavirus please visit:
    https://www.nhs.uk/conditions/coronavirus-covid-19/

  • Phishing scam targeted at university students

    The purpose of this alert is to raise awareness of a phishing scam targeted at students in UK universities.

    The phishing campaign claims that the student has been awarded an educational grant as part of a student support programme. The email example below purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.

    Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials.

    Protection and Advice

        • Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
        • An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
        • If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
        • If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
        • Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
        • If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact the bank and report it to Action Fraud.

Archive

Banking fraud control comparison data

Banking fraud control comparison data


  • Fraud prevention philosophy

    What is our approach to fraud prevention?

    Keeping customers’ accounts secure is a top priority for us, but it is also important for you to protect yourself from fraudsters. The safety of our colleagues and customers is always a top priority for the bank. Our Security teams work round the clock to ensure our bank is a safe place to work, with plans, processes and controls in place to protect our customer’s finances.

    What controls do you have in place / How do we protect you?

    Online Security

    Our websites are encrypted to protect your information.
    Please use a secure browser to access account information and transact.
    Our websites are protected by a firewall (a barrier between the internet and our internal bank network).

    When you log on to Bank of Ireland 365 online, we’ll ask you for:

    • A private and individual User ID
    • 3 random digits from your 365 login PIN
    • A personal detail question

    This information is encrypted and will stay private if you don’t disclose it.

    Two factor authentication

    • You need a Two Factor Authentication to add or edit a payee on 365 online
    • We’ll text a code to your registered mobile phone, or send via post if you prefer

    Protecting your business with Bank of Ireland award-winning* KeyCode. It has many features and benefits including:

    • Unique, one-off codes you can use to log on to Business On Line and authorise payments and payees
    • You need a secure PIN to access the KeyCode app. This One Time Code is generated per transaction and expires when used, or after 60 seconds
    • KeyCode only works on your registered device, along with your corresponding Business On Line User ID
    • The app is registered to one individual user.

    Daily Control Limit

    • The administrator and your relationship manager will set a Daily Control Limit (DCL) on your Business On Line profile
    • This limit means your profile is less likely to be exposed to fraud.
    • Winner of ‘Best Information Security Initiatives (Corporate/Institutional)’ in Western Europe, Global Finance Best Digital Bank Awards 2017



  • Customer education and awareness

    What do you do to educate your customers to ensure they are fully aware of the latest fraud trends / advice?

    We reach our customers in several ways:

    Online & Social Media
    A wide range of Security and Fraud information is available within our Security Zone area on Bank of Ireland UK website. It’s specifically designed to highlight current scams and types of fraud along with measures you can take to help protect yourself.

    We have information about Fraud Alerts on a range of topics including Data Breaches, Phishing, Money Mules, Boiler Room Scams, and CEO fraud.
    We are supporters of the national Take Five campaign that offers straight forward and impartial advice to help everyone to protect themselves from preventable financial fraud.

    Educational content is sent within statement emails and our members are provided with fraud prompts on the Internet Bank and Banking App.
    We regularly post on the Social media platforms material concerning fraud.

    We also provide general guidance on How to Protect Yourself Online with information about Anti-virus software, operating systems, browsers and firewalls.

    Our ATMs carry fraud warnings particularly to guard against prying eyes when entering a PIN.

    Branch
    All our branches have fraud education material available and staff are trained to ask the right questions to help detect scams when processing payments. Branch colleagues are trained to identify fraud and victims of fraud, and provide bespoke advice including invocation of the Banking protocol. There are frequent communications delivered to branch colleagues raising the awareness of fraud and scams.

    All Bank of Ireland UK colleagues have to complete annual mandatory training which covers a broad spectrum of fraud education.



  • Contact

    How and when we would contact our customers

    We will contact our customers using email, phone calls, text messages and by letter. Customers should always take the necessary precaution to ensure they are talking to who they think they are.

    We also utilise various security controls and offer guidance for identifying malicious contact on our website.

    Examples of the controls / guidance we offer include;

    One-time passcodes – When we need to verify who you are, we’ll send a unique code to the mobile you gave us when you opened your account.
    The text will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what this code is other than a Bank ABC colleague. If someone asks for the code but for a different reason than is stated in the text message, you shouldn’t answer them.
    If you get a one-time passcode message you’re not expecting, give us a call on 0345 309 8099

    Text Alerts – If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message.
    While we may ask you to reply to messages, we’ll never:

    • Include a link to a log in page
    • Ask for your complete security number, password, or card number
    • Ask you for answers to your security questions

    If you’re not sure whether a text or email is genuine, give us a call on 0345 309 8099

    How and when can our customers contact us regarding fraud/ fraud prevention?

    If you believe you are a victim or fraud, or you require any fraud prevention advice customers can contact us 24 hours a day. Our contact numbers can be found here.



  • How we collaborate with the rest of the industry

    Industry initiatives/ collaboration

    • We are members of UK Finance and take an active part in all Industry Fraud initiatives.
    • We are members of CIFAS – The UK Fraud Prevention Service.
    • We contribute to the funding of the DCPCU. The DCPCU is a national police unit formed between the City of London Police, the Metropolitan Police Service, UK Finance and the Home Office.
    • We share fraud intelligence with the rest of the banking industry and law enforcement to protect our customers.
    • We are a signatory to the Take Five Charter which provides our customers with up to date advice on fraud prevention.
    • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rouge traders.
    • We work with other banks to quickly recover fraudulent funds for our customers.



  • Summary

    We are the Partnership Bank.
    We provide simple, flexible, financial services to UK customers both directly and through partnerships with well-known UK brands. Technology is making it quicker and easier to stay on top of your finances wherever and whenever you want. As more of our customers choose to use new ways of banking such as phone, tablet or computer, we’re committed to keeping their accounts and information secure

Take Five campaign

Take Five campaign

In 2015, £755 million was lost to financial fraud, but we can all help to lower this figure by remembering one simple action – to stop and think.

That’s why the Take Five campaign – led by UK Finance – is encouraging the nation to do just that; to take time to stop, step back and think before they act.

If you receive a request to hand over (or do something with) personal or financial information, you need to take a moment to reflect and step back from the situation. Yes, even if they say they’re the bank, police or another trusted organisation, you still need to take the time to stop and think about what’s really going on.

Because deep down, you probably already know these basic rules on how to beat financial fraud – you just need to take a deep breath and stay calm enough to remember them.

  1. Never disclose security details, such as your PIN or full banking password
  2. Don’t assume an email or phone call is authentic
  3. Don’t be rushed – a genuine organisation won’t mind waiting
  4. Listen to your instincts – you know if something doesn’t feel right
  5. Stay in control – don’t panic or make a decision you’ll regret

Take Five, a new national campaign led by UK Finance, is here to help you take action against the financial fraud that affects millions of people in the UK each year. If you think there has been fraud on your card or bank account – or if you suspect anyone has attempted to obtain your financial details – report it immediately to your bank or other financial services provider and then contact Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk.

For more information you can download the Take Five customer advice guide below or visit www.takefive-stopfraud.org.uk

Take Five customer advice guide Download

Don't be fooled campaign

Don't be fooled campaign

Fraudsters may ask you to receive money into your bank account and transfer it into another account, keeping some of the cash for yourself. If you let this happen, you’re a money mule. You’re involved in money laundering, which is a crime.

You can be approached by fraudsters online or in person. They might post what looks like a genuine job ad, then ask for your bank details.

Once you become a money mule, it can be hard to stop. You could be physically attacked or threatened with violence if you don’t continue to let your account be used by criminals.

When you’re caught:

  • Your bank account will be closed.
  • You will find it hard to access further student loans.
  • It will be difficult to get a mobile phone contract.
  • You will have problems applying for credit.
  • You could go to prison for up to 14 years.

Students can become money mules unwittingly. They might think they’re giving out their bank details for a genuine reason, then end up involved in money mule fraud.

Don’t Be Fooled. Follow this advice:

  • Don’t give you bank account details to anyone unless you know and trust them.
  • Be cautious of unsolicited offers of easy money. If it sounds too good to be true, it probably is.
  • Research any company that makes you a job offer and make sure their contact details are genuine.
  • Be wary of job offers from overseas. It will be harder for you to find out if they are legitimate.
  • Be wary of job ads that are written in poor English, with grammatical errors and spelling mistakes.

For more information, visit the Money Mules website.