ESET Ireland warns of a new, widespread phishing spam campaign bombarding Irish mailboxes, pretending to come from Bank of Ireland’s 365 Online service.
Nearly all the spam emails ESET Ireland has intercepted in the past week, belonged to varieties of this phishing campaign. The emails targeting Irish mailboxes claim the user’s 365 Online account will expire or be suspended, unless the user clicks on a link and re-activates it.
The email states:
“To Confirm your Enrollment, you must Sign On before Jan 26, 2017.
For your security, your Bank of Ireland 365 Online access is due to expire if you have not signed on by the date above. If you signed up for Bill Pay, your Bill Pay service, including any pending payments or payee information, will also be canceled at that time.”
The link included leads to a site, registered in Indonesia, which looks more or less like a precise copy of the actual Bank of Ireland 365 Online site and requires the user to “log in”.
But what it does is, it tricks the user into revealing their user ID, the 6-digit 365 pin, the last four digits of their contact number, name, address, date of birth, town, email address and other details that can enable the cybercriminals to log into their account,
as well as give them access to the victim’s credit card number, expiry date, security code, etc.
After handing all the sensitive info over to the cybercriminals, they “process the request” and redirect the victim back to the actual Bank of Ireland website.
Because the emails and the websites look so convincingly real, the users should pay close attention not to mistake them for real communication from Bank of Ireland. The bank itself offers extensive advice on how to spot and protect yourself against phishing scams like these, on their official website.
ESET Ireland recommends the users look out for suspicious mails, avoid clicking any links or attached files within them, ring the bank if they’re still unsure and warn others to be careful.
by Ciaran McHale and Urban Schrott, ESET Ireland