More Irish banks’ names abused in email scams

After the recent spams that were using AIB’s name to scam victims into disclosing their login information and security codes, we’re now receiving similar scams, abusing the names of Permanent TSB and Ulster bank.

Even though one could think Ireland would not be a prime target on the global cybercrime map, the many scams targetting our small island are convincing us of the opposite. We recently wrote about the AIB name abuse in scams, scammers lurking on DoneDeal for lucrative deals, Irish ransomware, etc.

The bank scam emails or websites they redirect to usually carry the official logotypes of the respective banks, to appear legitimate to the potential victims. The first example we have received has the following content:

Fake Permanent TSB email

While the second says:

Fake Ulster Bank email

The fake Permanent TSB’s link leads to a phishing website which tries to extract log-in information from the victim, while the fake Ulster Bank email has an .html attached, which looks like an Ulster Bank page, but requires many fields to be filled in with private information. A smart email user should know not to open unknown attachments in mails anyway, but some still do. Once a victim fills in their details and clicks “submit”, their sensitive info is sent to the scammers, while the victim is redirected to the real Ulster Bank website.

Fake Ulster Bank website

These scams are very dangerous, because many online banking users trust the official looking emails and forms and will fill them out without suspecting it is a scam. Only after their bank accounts have been breached, will they realise they have fallen into the cybercriminals’ trap. Ulster Bank’s official website has a warning about these sort of scams:

Beware of email scamsNever go to a website from a link in an e-mail purporting to be from Ulster Bank and then enter personal details.

Never respond to an e-mail that asks for confidential or personal security information. Ulster Bank will never send you such an e-mail.

Never respond to any unexpected or suspicious emails – and don’t click on any attachments within such emails.

While Permanent TSB warns of the following:

Warning: Customers should note that we will never ask you for this information either by email or telephone and you should never disclose this information to anyone.

Irish computer and online banking users should know how to recognise these scams. Banks will generally never ask them to send them any sort of log-in information via email or through unverified online forms. If any such mail is received, it should be ignored and deleted. If the user is still in doubt what to do, it is always better to ring their bank first or contact An Garda Síochána, before taking any action!

Urban Schrott
IT Security & Cybercrime Analyst
ESET Ireland

7 thoughts on “More Irish banks’ names abused in email scams

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s