iBusiness Banking (iBB) Security Centre
Common Frauds and Threats
Our Online Banking services are a safe and convenient way to manage your finances, but you need to take care to guard against Internet and other types of fraudsters. It is important that you are aware of potential fraud attempts that originate from the Internet and other methods.
Remember your personal information and key banking details, are the prime targets of internet fraudsters and you should protect them as you would your valuable possessions, so think before you click.
Click on the headings below to find information on the most common frauds and threats:
If somebody contacts you out of the blue either by phone or email offering you the opportunity to invest in shares that are about to go through the roof, it is probably too good to be true. Watch out for offers endorsed by celebrities, where the rate of return is very high and often advertised as guaranteed or risk-free.
It’s much more likely that the investment either does not exist or is worthless. Often, these fraudsters will provide details that you might think only a genuine investment company will have, such as details of shares you hold.
They will attempt to build a relationship over time. And watch out! An initial small investment may actually produce some returns before you are encouraged to invest a larger amount. If you are contacted by someone claiming to be from a well-known company, check them out independently with the company.
The caller may ask you to download software to your PC which will allow them to take access to it. They will say they are helping you to make a payment and will ask for login information to your AIB online banking along with security codes from your card reader/Digipass. NEVER give codes from your card reader/Digipass on foot of a phone call.
- Check if the company is authorised (by a financial regulator) to deal in such investments.
- Get Independent advice from a qualified financial advisor.
- Report any unsolicited contacts to An Garda Síocháná / Police.
- Reject cold calls. If you have been cold-called about an investment opportunity, it is very likely that it is a high risk investment or SCAM.
- Do not respond to high pressure tactics.
- Do not divulge any of your personal or banking information prior to verifying the caller independently.
If your investment turns out to be fraud, it is very unlikely that AIB will be able to recoup the funds.
These scams are when an individual calls you claiming to be from the Bank, or a company providing a service and requests financial and/or personal and security information.
This type of scam is referred to as 'Vishing', which is a combination of ‘voice’ and 'phishing'. It is typically used to steal credit card numbers or gain access to your Internet Business Banking.
The phone number displayed on your handset may appear to be a genuine Bank phone number but these can be mimicked by criminals.
If you suspect any fraudulent activity from any call you receive, you should end the call and verify the identity of the caller using a known number.
If you believe that your bank details have been compromised, call the number on the back of your credit or debit card or alternatively call the official number for the iBB Contact Centre.
Some of the scams currently in circulation are where customers have received fraudulent calls claiming to:
Assist them with claiming a tax rebate
Be a law enforcement official asking them to assist with preventing a crime
Be a Utility Company: e.g. Telephone/Mobile phone provider, Broadband provider, Software company offering to “fix” PC or broadband problems
Having unauthorised transactions on your card or account
The callers may ask you to download an application to give them access to your PC. They will also attempt to trick you into divulging your banking or card credentials and provide codes from your Card Reader in order to access your online banking and make fraudulent payments.
NEVER disclose codes from your Digipass over the phone.
NEVER disclose your log on details for iBB.
If you have received such a call and disclosed any of your Banking details please contact us immediately.
Phone Scam - Cards
AIB have been notified of a Phone Scam currently targeting our customers. Reports received to the Bank indicate that:
Fraudulent calls have been targeting customers trying to persuade them that their AIB Credit / Debit Card have been compromised
These scams will usually request a transfer of funds or disclosure of card/account details
Other variants of the fraudulent calls involve the customer’s account being over credited and that the customer must transfer money back to a third party account
Some fraudulent callers are also advising that the customer’s branch will not be aware of this call, because it is being handled by a third party.
AIB would ask that customers be aware of such calls, because they are not genuine.
The scam is referred to as ‘Vishing’, which is a combination of ‘voice’ and ‘phishing’.
If you suspect that a call may be fraudulent, hang up and call the AIB Card Services Team on 01 6685500.
To assist in identifying such calls please be aware that:
AIB will never call you to ask for a refund of credit in this manner, and
AIB will not request for a transfer to any third party accounts.
If you suspect a call may be fraudulent, hang up and call the phone number on the back of your card, or your local branch for verification.
This type of fraud is on the increase and it's important that you take the necessary steps to protect your money. Criminals are sending emails in an attempt to trick you in to transferring money to them.
These types of scams are referred to as ‘Phishing’.
Examples of the types of emails include:
- Emails claiming to be from your Supplier or contractor advising that they have changed their bank account details. These emails will request that all current and future payments should be made to a new account, which actually belongs to the criminal.
- Emails that appear to come from your Manager / Director / Senior Staff Member within the company. The email will request that the recipient makes a payment to an account number given in the email and may imply some urgency, which is not the case. This account number actually belongs to the criminal.
- Emails received in to HR or Accounts team requesting a change of account number for a staff member’s salary.
You should not accept any financial instructions via email. You should always VERIFY ACCOUNT NUMBERS on a known contact number with your Supplier/ Manager/ Director/ Senior Staff Member / Staff Member.
If you make and authorise a payment to one of these fraudulent accounts, it is highly unlikely that AIB will be able to get your money back for you.
Ensure that all your iBB Users are aware of these threats and that they should report any suspicious activity immediately.
Fraudulent emails are a common technique used by fraudsters in an attempt to obtain personal and security information for the purpose of identity theft or financial gain. The fraudsters use email messages that appear to come from Financial Institutions or a legitimate business in an attempt to fool you into supplying your personal and business banking or card details. Financial institutions are frequently targeted by these types of attacks, which are referred to as ‘Phishing’.
AIB may on occasion send you product related or marketing surveys via email. It is important to note that these mails will NEVER ask you for personal or banking information.
Text Message Fraud
Text Message Fraud is a common technique used by fraudsters in an attempt to obtain your personal and business banking and card information for the purpose of identity theft or financial gain. The fraudsters send text messages that appear to come from your bank or from legitimate businesses in an attempt to fool you into supplying your banking details.
These text messages can appear within a genuine thread of messages, and will request you to log in to a fake website or to call a number. This type of scam can be referred to as ‘SMiShing’.
AIB may on occasion, send you product related or marketing surveys via SMS. It is important to note that these text messages will NEVER ask you for Internet Business Banking log in details or personal information.
Malware (Trojans and Viruses)
Malware is short for ‘malicious software’. The effects of malware can vary widely depending on what it is designed to do. Some cause little or no damage, while others can be very dangerous and deliberately target customers who bank online.
Banking specific malware can gather personal or security information entered on the infected PC / laptop / phone. Such malware can gain access to the device when the user is tricked into opening or running an infected attachment they have received from a seemingly legitimate email, through an infected file they have downloaded or by visiting an infected website.
You may have seen reports in the press regarding current threats from sophisticated malware. Although these threats are serious, you can do simple things to protect yourself:
- Be suspicious about any emails you are not expecting, even from trusted sources
- Do not click on links contained in emails
- Make sure that you set your PC to update the Operating System and your Malware protection automatically
How do you know that you are under attack?
- Fake iBB screens or pop-up windows asking you to key details into your iBB Digipass
- Your PC slows down while using iBB - particularly at log on
- Suspicious phone calls are received purporting to be from AIB regarding iBB; asking you to create codes on your Digipass, perform test payments and/or authorise payments
- AIB will never ask you to do this!
REMEMBER: Always check that the Beneficiary details for payments you are authorising are legitimate or really do belong to the person you want to pay.
Example of a fake iBB screen
While the screen below may look authentic, this is an example of a fraudster attempting to get security information from you to make a payment.
Click here to view more examples of fraudulent iBB screens.
This is a type of malware that prevents or limits users from accessing their system (PC, laptop, mobile, tablet), either by locking the system’s screen or by locking the users file, unless a ransom is paid.
If your computer has been locked by ransomware, you should seek professional advice from a trustworthy source.
The “No More Ransom” website is an initiative by the National Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals – https://www.nomoreransom.org/
SIM Swap Fraud
What is SIM Swap Fraud?
The objective of these fraudulent SIM swaps is mainly to intercept messages sent by SMS for banking transactions over the Internet.
Fraudulent SIM swap is a mobile device specific fraud where the fraudster approaches your mobile service provider pretending to be you and requests that the existing mobile number be assigned to a new or ’replacement’ SIM card. Once the SIM swap request has been processed, the fraudster is able to access the new SIM card and may divert calls and receive your SMS notifications. With texts and calls now routed to the ‘new’ SIM card, the fraudster is able to access any unique codes sent by the bank to access people’s bank account. This scam will be used in conjunction with other Common Frauds and Threats such as a Phishing or Vishing attack’s as described above.
To safeguard against SIM swap fraud, we suggest that you follow these simple steps to help stay secure:
- Never disclose any sensitive or personal information such as log in details, bank details, passwords or passcodes to any source
- Never ignore an SMS message alerting you to a pending SIM swap request on your account or if you suddenly cannot make or receive calls or messages. Contact your mobile provider immediately and enquire whether a SIM swap has been processed on your number
- Protect your mobile device via password (use strong passwords that would not be easy to guess) or biometric security (fingerprint). Where possible, set the screen auto-lock timer to activate after just a few minutes of inactivity
- Disable automatic connections. Some devices automatically allow connections to available Wi-Fi networks, and Bluetooth devices may connect and transmit data without your knowledge
- Consider using your manufacturer’s applications which allow you to find and track your device if lost. These applications also give you the option of locking or wiping your phone remotely if required
- Do not open emails from unknown sources – even if these appear legitimate or authentic and seem to come from your banking institution
- Never follow a link provided to you in an email to access the Internet Banking site for your banking institution. Instead physically type the address into the browser address bar.’
If you suspect that you have been a victim of SIM swap fraud, contact your mobile provider immediately.
Adware and Pop-up Windows
Pop-up windows are the small windows or adverts that can appear suddenly over or under a browser window. Pop-up windows can be used to obtain personal information from an unsuspecting user. Fraudsters can also use fake ads to fool you into visiting a fake website and supplying personal details.
Please note: pop-up windows can be legitimately used by some websites/offerings such as ’Verified by Visa’ and ’MasterCard SecureCode’.
Would you like more information? Check out these websites: