Be on your guard – online fraud is getting increasingly sophisticated
Check out the latest instalment of Jill Kerby's Moneytimes, which looks at the most common online frauds and scams doing the rounds at the moment...
As if we don’t enough to worry about these days, the Bank of Ireland ‘smishing’ scandal in which hundreds of the bank’s customers lost thousands of euro to audacious fraudsters shows that it isn’t just Covid-19 that needs to be taken very seriously this year.
Last week, after unrelenting pressure by the RTÉ radio programme Liveline, which invited dozens of victims to tell their stories, the bank finally relented and agreed to refund customers’ accounts.
It was urged along, no doubt by the Financial Services and Pensions Ombudsman, which was already investigating official complaints against the bank.
This particular online scam (and known to B of I for at least a year) crucially allowed the fraudsters to piggyback its own message on a legitimate Bank of Ireland online message facility and sophisticated enough to convince the bank customers that they were dealing with their bank.
It is a worrying example of how cybercrime has developed into one of the most successful forms of deception, fraud and theft in the world and how wary we all need to be of random and/or highly targeted messages by criminals keen to part you from your money.
On its website An Garda Síochána highlight the six most common forms of fraud:
1. Payment Card Fraud: This type of fraud involves the use of stolen or counterfeit payment cards to make direct purchases or cash withdrawals. It also includes the use of stolen card data to buy items over the phone or via the internet.
2. Invoice Redirection Fraud: This type of fraud involves criminals contacting businesses or sellers usually by email, but sometimes by phone or other means of communication. The criminal pretends to be a supplier of goods or services that you already do business with and requests that the bank account details recorded for the legitimate supplier are changed on your financial system.
3. CEO Fraud: This type of fraud is similar to Invoice Redirection Fraud however in this case junior employees in the finance department of a company receive an email from a criminal purporting to be the chief executive officer stating that an important deal or some other urgent matter is pending and that a substantial payment needs to be processed immediately.
4. Email Fraud otherwise known as Phishing: This type of fraud involves criminals making contact by email and can take a number of forms. The email may appear to be from a reputable company – however, when one clicks on the email or attachment or link within the email, malicious software (malware) is downloaded to the PC or other device, allowing the criminal to track online activity and identify personal or financial information for fraudulent purposes. Both individuals and companies can be victims of this type of crime.
5. Phone Fraud, otherwise known as vishing or smishing: This type of fraud involves criminals contacting you by phone (vishing) or by text (smishing) pretending to be your bank, credit card issuer, utility company or often a computer company. During the conversation, they will try and trick you into giving personal, banking or security information. They may also convince you to make a money transfer to them
6. Advance Fee Fraud: This type of fraud involves criminals targeting victims to make advance or upfront payments for goods, services or financial gains that do not materialise. Sometimes they pose as a romantic interest, as a legal representative for inheritance purposes, an insurance adjuster, or a lottery company representative.
ATM fraud, of course, remains a serious but perhaps diminishing threat as contactless payments grow. Nevertheless thieves install increasingly sophisticated looking false attachments and panels to ATM machines that are fitted to capture your account and password details. Everyone needs to be vigilant before using an ATM, especially in countries where cash is more widely used.
Vigilance comes in many forms, though Bank of Ireland was clearly wrong in assuming that because they had posted warnings about the smishing event on their website over a year ago, but didn’t close down the fraudsters penetration of their online messaging service, they were not liable for their customers’ losses.
Be wary of strangers, we tell our children. But it applies to adults too, especially when the stranger (or their online message) represents trusted institutions or retailers that instruct you online, to re-upload your personal bank details and passwords. These may your bank, the Revenue, a payment facilitator like PayPal, utility company, online retailer (like Amazon or eBay).
If such an email or SMS arrives, you need to contact the company directly yourself, on a safe server.
As students return to college, they need to be very wary of suspicious cash offers to ‘lend’ strangers their bank details, specifically any dormant accounts they have, that can be used to briefly warehouse funds in return for a modest fee. Being an accessory to money laundering is a serious offence.
So is cold calling or emailing someone with an unauthorised get-rich-quick, too-good-to-be-true investment scheme. Ignore. Delete. Report.