Bank of Ireland warns customers of ‘new wave’ of scam texts

Customers should ‘never share one-time passcodes with anyone, even if they claim to be from their bank’

Bank of Ireland's fraud-prevention team has observed a 50 per cent spike in the number of so-called ‘smishing’ attacks. Photograph: Cyril Byrne
Bank of Ireland's fraud-prevention team has observed a 50 per cent spike in the number of so-called ‘smishing’ attacks. Photograph: Cyril Byrne

Bank of Ireland has warned customers to be on the alert for a fresh wave of scam texts after its fraud-prevention team observed a 50 per cent spike in the number of so-called ‘smishing’ attacks in the past month.

Smishing — where fraudsters attempt to trick customers into supplying their bank details by sending texts that seem to come from their bank — has been on the rise since the start of the pandemic in 2020. Bank of Ireland has reminded customers that they will never receive a text or email from the bank with a link directly to its online banking facility.

Neither will they receive an email or text from the bank asking customers to click a link with an urgent warning about suspicious activity on their account.

On Thursday, Bank of Ireland said the “new wave” of attacks has mostly involved fraudsters sending texts to its customers purportedly from An Post or government bodies such as the Health Service Executive or the Revenue Commissioners. Fraudsters will tell customers that they have a parcel ready for delivery or that they can pay an outstanding charge by clicking on a link.

READ MORE

The customer is then brought to a fake website, where they are asked to give personal information and their credit or debit card number. Scammers will then use those details to set up Apple or Google Pay to send the customer a genuine “one-time passcode”, Bank of Ireland said, before asking the customer to provide the code through the fake website, which is then used to set up a payment from the customer’s account.

Customers have, in some instances, been directed to a “spoofed online banking login page”, the bank said and tricked into giving their online banking login details.

If the customer has stopped part of the way through the scam process, they may then get a phone call claiming to be from Bank of Ireland “in an attempt to get banking details and one-time passcodes”, the bank said. “Those calls will often look like they’re coming from genuine Bank of Ireland numbers as the fraudster can spoof the number that appears in your display.”

Edel McDermott, head of fraud at Bank of Ireland, said the bank is warning customers to be “extra vigilant” about potential fraud given the recent spike in reports of smishing activity.

Customers should “never share” a one-time passcode with anyone, Ms McDermott said, “even if they say they are from Bank of Ireland”.

Ian Curran

Ian Curran

Ian Curran is a Business reporter with The Irish Times