Online fraud incidents are up 50% with a warning that fraudsters are now using customers’ card details to set up Apple/Google Pay.
Bank of Ireland has reported a 50% increase in ‘smishing’ fraud cases
This has prompted Bank of Ireland to warn customers around a new wave of fraudulent text messages in circulation, where fraudsters are using customers’ card details to set up Apple/Google Pay.
The Bank has experienced a spike in ‘smishing’, where fraudsters send fake text messages appearing to be from delivery services including An Post or Government agencies including the HSE and Revenue.
Customers who click the links in the text messages are then directed to fake websites where they are asked for their card or online banking login details.
The fraudster uses these details to set up Apple/Google Pay on the customer’s card or to set up the customer’s online banking on a new device.
If the customer gives away the genuine One Time Passcode sent by Bank of Ireland to confirm the set-up, the fraudster can then access the customer’s account.
During the last month, the number of ‘smishing’ cases detected by Bank of Ireland’s Fraud Prevention team has increased by c. 50% since the introduction of this tactic.
How the current scam operates:
Customer receives a fraudulent text purportedly “from” An Post or alternatively HSE or Revenue – for example: “Your parcel is ready for delivery. Please pay the outstanding charge on this link ----" or “You’ve been a close contact of someone with Covid. Please follow the instructions here to order a test -----"
The customer clicks the link, is brought to a fake website and gives some personal information and their credit / debit card number.
The fraudster will then:
Use the customer’s card details to set up Apple Pay or Google Pay. The customer then gets a genuine One-Time Passcode from Bank of Ireland to confirm Apple Pay or Google Pay set-up, but then gives away the code to the fraudster on the phishing website.
Based on the card number the customer has given, the fraudster directs the customer to a spoofed online banking login page. The customer gives their online banking login details and then gets a genuine One-Time Passcode to set up online banking on a new device.
The customer gives that code away on the phishing website, which allows the fraudster to set up online banking and make payments from the customer’s account.
Where customers have stopped part of the way through the scam process, they may then get a phone call claiming to be from Bank of Ireland in an attempt to get banking details and the One-Time Passcode.
Those calls will often look like they’re coming from genuine Bank of Ireland numbers as the fraudster can spoof the number that appears in your display.
Bank of Ireland’s advice to customers in response to the current activity is:
Do not click on links or respond to any SMS text messages which are designed to appear as if sent by the bank or other businesses and service providers.
Remember that Bank of Ireland will never send you a text with a link to a website that asks you for your online banking login details or any One-Time Passcodes that we’ve sent to you.
The bank urges people not to share your One-Time Passcode to set up Apple/Google Pay on your card with anyone even if the person advises they are from Bank of Ireland.
If you get a suspicious text, please email a screenshot of the text to 365Security@boi.com and then delete the text.
If you think you may have given away any of your banking details, please call our 24/7 Freephone line 1800 946 764 immediately.
Subscribe or register today to discover more from DonegalLive.ie
Buy the e-paper of the Donegal Democrat, Donegal People's Press, Donegal Post and Inish Times here for instant access to Donegal's premier news titles.
Keep up with the latest news from Donegal with our daily newsletter featuring the most important stories of the day delivered to your inbox every evening at 5pm.