Friday, 3 April 2015

New day, new Bank of Ireland scam



ESET Ireland sees an unending stream of Irish bank email phishing scams, with Bank of Ireland customers particularly in the crosshairs.

Irish online banking users should be on the watch for a constant flood of variations on the phishing scams involving Irish banks. This week we’ve noticed an increased number of emails targeting Bank of Ireland customers, trying to socially engineer them into giving up their online banking details.

The first most common variation of the scam claims maintenance and requires a “log in”:

Dear Bank of Ireland user,

You have 1 new ALERT message
WE ARE CURRENTLY PERFORMING REGULAR MAINTENANCE OF OUR SECURITY MEASURES FOR ONLINE BANKING AND CUSTOMER DATABASES.
Please login to your 365 Online Banking and visit the Message Center section in order to read the message.

To Login, please click the link below:
Bank of Ireland 365 Banking Online

The second one has more of a “call to action”, claiming the victim’s account will expire in 72 hours, unless they “log in”:

Dear Valued 365 ® Member,

We are sorry to inform you that your 3 6 5 account will expire within 72 hours.
To avoid this we have no other option but to ask you to verify your account before it will be disabled.

Verify NOW 3 6 5 >>>>

Many thanks for using the 365 Service Desk.
Regards Shelly
365 Online Support TEAM

This “log in”, of course, involves being redirected to a forged website, which collects any info the victims type in, then transmits it to the scammers, who can then attempt to assume the identity of the victim and try to rob their account. Additional security measures put in place by banks make this more difficult, as do the helpful safety tips provided, but the cybercriminals are still trying to find ways to circumvent them.

ESET Ireland recommends you do not click on any of the links in the phishing emails and do not reply to them in any way, as that only confirms your identity to the cybercriminals.