Online Banking Fraud and Security Centre

 Text Scam Alert

The bank is aware of a Phishing fraud email that has been sent out by criminals who are impersonating a genuine company Docusign. If you receive this email please check it out by following the steps below before responding to it.

Docusign have issued the following advice on their website:

Fraudsters have attempted to impersonate DocuSign in emails and texts. They have also signed up for legitimate DocuSign accounts and used our services to appear reputable when sending documents to victims.

Here are some ways to tell whether a purported DocuSign email you’ve received is fraudulent.

1. The sender’s address is suspicious. Check the “from” tab to ensure the email originated from DocuSign.com or DocuSign.net.
2. It contains an attachment. DocuSign emails that request you to sign a document never contain attachments of any kind.
3. Generic greetings. Many fake emails begin with a generic greeting like “Dear DocuSign Customer.” If you don’t see your name in the salutation, it should raise a mental alarm.
4. False sense of urgency. Many fake emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. They may also state that unauthorized transactions have occurred on your account or that DocuSign needs to update your information immediately.
5. Misspellings and bad grammar. While no one is perfect, fake emails often contain misspellings, incorrect grammar, missing words and gaps in logic. Mistakes like this help fraudsters avoid spam filters.
6. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure Web session.
7. Pop-up boxes. DocuSign never uses a pop-up box in an email, because pop-ups aren’t secure.

How to detect DocuSign-themed phishing attempts

A few simple techniques can help you spot the difference between a spoofed DocuSign email and the real thing:

• Don’t open unknown or suspicious attachments, or click links—DocuSign will never ask you to open a PDF, office document or zip file in an email.
• Hover over all embedded links: URLs to view or sign DocuSign documents contain “docusign.net/” and always start with https.
• Access your documents directly from www.docusign.co.uk by entering the unique security code, which is included at the bottom of every DocuSign email.
• Report suspicious DocuSign-themed emails to your internal IT/security team and to spam@docusign.com.

Fraudsters are targeting customers like you by sending text messages claiming to be AIB and/or other legitimate companies. These messages request you to click a link to review or block a fraudulent transaction on your account, or advise that you are locked out of your account. You may also be asked to input codes from your Card Reader or divulge a One Time Passcode (OTP).

These text messages are fraudulent.   

• NEVER disclose your Registration Number or Personal Access Code (PAC) or card information after clicking a link on a text.
• NEVER generate codes from your AIB Card Reader when they are requested by a text message or on receipt of an unexpected call.
• NEVER divulge your One Time Passcode (OTP) for Card transactions.
• NEVER move your funds to a safe account.
• REMEMBER we are not making house calls to collect your cards

If you have received such a call or text message and have disclosed any information, please contact us immediately.

For additional hints and tips on how to Be Informed, Be Alert and Be Secure, visit FraudSMART.ie

Below are some examples of fraudulent texts messages: