In the recent weeks IT security experts at ESET Ireland have seen a massive run of targeted scam emails spamming Irish mailboxes, all with various attempts to scam Permanent TSB customers.
The emails come with subject lines like “Your access to Open24 online banking has been locked”, “Your account has been temporarily suspended”, “We found suspicious activities on your account – Please read details!”, “Permanent TSB – Customer Notice”, “Open24 Internet Banking Account Notification” and they arrive from spoofed email addresses like info@permanenttsb.ie, security@permanenttsb.ie, customersecurity@permanenttsb.ie, all engineered to reassure the customers, it’s the real thing.
The emails contain attachments or links where the potential victims are asked to enter their logins and other confidential banking info, in order to “unlock” their accounts.
Here are a couple of examples:
Notice the particular cynicism of the second example, where fraudsters actually even left the security advice to people they’re about to scam and rob:
The Permanent TSB official website warns against this: Warning: Customers should note that we will never ask you for this information either by email or telephone and you should never disclose this information to anyone.
Permanent TSB’s official website also offers the following advice:
How you know if you’ve been the victim of a fraud or scam:
- If it sounds too good to be true, it is
- If you have won a prize, but haven’t entered that competition, it’s not a prize
- If you are asked for money up front to release your win, you may not get your win
- If you are asked for your bank account, credit card details, or other confidential information, the call is not from your bank or financial institution
- If a caller is more excited than you are or wants to be your best friend, they could be a fraudster
- If you are told that you must reply to something straight away or the money will be given to someone else, there may be no money
If you’ve also received emails like these and thought “so what? It’s the same old rubbish anyway!” think again. ESET’s expert David Harley says: “Right now malware and phishing forms apparently from reputable companies seem to be particularly successful at getting through mail services with exceptionally good filtering. Now, as ever, you need to be aware that you can’t rely on mail provider filtering and security software to protect you from all attacks. But scepticism and common sense will go a long way towards plugging the gaps in your defences.”
ESET Ireland 
I received this message on an address that I don’t use with online banking.
Is there a way to report this with PermanentTSB? Their website doesn’t seem to have any option to do so.
I’ve already flagged it with my mail provider.
Since Permanent TSB have nothing to do with these fake mails, apart from having their name abused by scammers, they can’t really do much about them, so there’s no point in reporting to them. But they are aware these mails exist and they do warn agaist them on their website. See their instructions to stay safe here: https://www.permanenttsb.ie/about-us/need-help/security/fraudandscams/