Permanent TSB’s good name under attack by scammers

In the recent weeks IT security experts at ESET Ireland have seen a massive run of targeted scam emails spamming Irish mailboxes, all with various attempts to scam Permanent TSB customers.

The emails come with subject lines like “Your access to Open24 online banking has been locked”, “Your account has been temporarily suspended”, “We found suspicious activities on your account – Please read details!”, “Permanent TSB – Customer Notice”, “Open24 Internet Banking Account Notification” and they arrive from spoofed email addresses like info@permanenttsb.ie, security@permanenttsb.ie, customersecurity@permanenttsb.ie, all engineered to reassure the customers, it’s the real thing.

The emails contain attachments or links where the potential victims are asked to enter their logins and other confidential banking info, in order to “unlock” their accounts.

Here are a couple of examples:

TSB1

Notice the particular cynicism of the second example, where fraudsters actually even left the security advice to people they’re about to scam and rob:

TSB2

The Permanent TSB official website warns against this: Warning: Customers should note that we will never ask you for this information either by email or telephone and you should never disclose this information to anyone.

Permanent TSB’s official website also offers the following advice:

How you know if you’ve been the victim of a fraud or scam:

  • If it sounds too good to be true, it is
  • If you have won a prize, but haven’t entered that competition, it’s not a prize
  • If you are asked for money up front to release your win, you may not get your win
  • If you are asked for your bank account, credit card details, or other confidential information, the call is not from your bank or financial institution
  • If a caller is more excited than you are or wants to be your best friend, they could be a fraudster
  • If you are told that you must reply to something straight away or the money will be given to someone else, there may be no money

If you’ve also received emails like these and thought “so what? It’s the same old rubbish anyway!” think again. ESET’s expert David Harley says: “Right now malware and phishing forms apparently from reputable companies seem to be particularly successful at getting through mail services with exceptionally good filtering. Now, as ever, you need to be aware that you can’t rely on mail provider filtering and security software to protect you from all attacks. But scepticism and common sense will go a long way towards plugging the gaps in your defences.”

5 Responses to Permanent TSB’s good name under attack by scammers

  1. Pingback: Phishing and malware - keep Smiling through* | ESET ThreatBlog

  2. Pingback: IT Secure Site » Blog Archive » Phishing and malware – keep Smiling through…*

  3. Pingback: Phishing and malware – keep Smiling through…*

  4. Someone says:

    I received this message on an address that I don’t use with online banking.
    Is there a way to report this with PermanentTSB? Their website doesn’t seem to have any option to do so.
    I’ve already flagged it with my mail provider.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 72 other followers

%d bloggers like this: