Intense phishing campaign targeting Bank of Ireland customers

ESET Ireland warns of a new, widespread phishing spam campaign bombarding Irish mailboxes, pretending to come from Bank of Ireland’s 365 Online service.

Nearly all the spam emails ESET Ireland has intercepted in the past week, belonged to varieties of this phishing campaign. The emails targeting Irish mailboxes claim the user’s 365 Online account will expire or be suspended, unless the user clicks on a link and re-activates it.

The email states:

“To Confirm your Enrollment, you must Sign On before Jan 26, 2017.

For your security, your Bank of Ireland 365 Online access is due to expire if you have not signed on by the date above. If you signed up for Bill Pay, your Bill Pay service, including any pending payments or payee information, will also be canceled at that time.”

boimail

The link included leads to a site, registered in Indonesia, which looks more or less like a precise copy of the actual Bank of Ireland 365 Online site and requires the user to “log in”.

realfakeBoI.jpg

But what it does is, it tricks the user into revealing their user ID, the 6-digit 365 pin, the last four digits of their contact number, name, address, date of birth, town, email address and other details that can enable the cybercriminals to log into their account,

boi1

as well as give them access to the victim’s credit card number, expiry date, security code, etc.

boi2

After handing all the sensitive info over to the cybercriminals, they “process the request” and redirect the victim back to the actual Bank of Ireland website.

boiverified

Because the emails and the websites look so convincingly real, the users should pay close attention not to mistake them for real communication from Bank of Ireland. The bank itself offers extensive advice on how to spot and protect yourself against phishing scams like these, on their official website.

ESET Ireland recommends the users look out for suspicious mails, avoid clicking any links or attached files within them, ring the bank if they’re still unsure and warn others to be careful.

by Ciaran McHale and Urban Schrott, ESET Ireland

 


One thought on “Intense phishing campaign targeting Bank of Ireland customers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s