Internet Banking Security Centre
Common Frauds and Threats
Our Online Banking services are a safe and convenient way to manage your finances, but you need to take care to guard against Internet and other types of fraudsters. It is important that you are aware of potential fraud attempts that originate from the Internet and other methods.
Click on the headings below to find information on the most common frauds and threats:
Theses scams are when an individual calls you claiming to be from the Bank, or a company providing a service and request financial and/or personal and security information.
This type of scam is refered to as 'Vishing', which is a combination of ‘voice’ and phishing. It is typically used to steal credit card numbers or to gain access to your Internet Banking.
The phone number displayed on your handset may appear to be a genuine Bank phone number but these can be mimicked by criminals.
If you suspect any fraudulent activity from any call you receive, you should end the call and verify the identity of the caller using a known number.
If you believe that your bank details have been compromised, call the number on the back of your credit or debit card or alternatively call the official number for the branch on the AIB website.
Some of the scams currently in circulation are where customers have received fraudulent calls claiming to:
Assist them with claiming a tax rebate
Be a law enforcement official asking them to assist with preventing a crime
Be a Utility Company: e.g. Telephone/Mobile phone provider, Broadband provider, Software company offering to “fix” PC or broadband problems.
That you have unauthorised transactions on your Card or Account
The callers may ask you to download an Application to give them access to your PC. They will also attempt to trick you into divulging your banking or card credentials and provide codes from your Card Reader in order to access your online banking and make fraudulent payments.
NEVER disclose codes from your AIB Card Reader over the phone.
NEVER disclose the full five digits of your Personal Access Code (PAC).
If you have received such a call and disclosed any of your Banking details please contact us immediately
Phone Scam Warning - Cards
AIB have been notified of a Phone Scam currently targeting our customers. Reports received to the Bank indicate that:
Fraudulent calls have been targeting customers trying to persuade them that their AIB Credit / Debit Card have been compromised
These scams will usually request a transfer of funds or disclosure of card/account details
Other variants of the fraudulent calls involve the customer’s account being over credited and that the customer must transfer money back to a third party account
Some fraudulent callers are also advising that the customers branch will not be aware of this call as it is being handled by a third party.
AIB would ask that customers be aware of such calls, as they are not genuine.
The scam is referred to as ‘Vishing’, which is a combination of ‘voice’ and ‘phishing’.
If you suspect that a call may be fraudulent, hang up and call the AIB Card Services Team on 01 6685500.
To assist in identifying such calls please be aware that:
AIB will never call you to ask for a refund of credit in this manner,
AIB will not request for a transfer to any third party accounts,
AIB will not request the One Time Passcodes to process refunds / credits, and
You should never disclose the One Time Passcode that AIB sends via SMS to a third party.
If you suspect a call may be fraudulent, hang up and call the phone number on the back of your card, or call your local branch for verification.
Fraudulent Emails are a common technique used by fraudsters in an attempt to obtain personal and security information for the purpose of identity theft or financial gain. The fraudsters use email messages that appear to come from financial Institutions or a legitimate businesses in an attempt to fool you in to visiting a fake website and supplying your personal banking or card details.
Financial Institutions are frequently targeted by these types of fraud, which are also referred to as ‘phishing’.
AIB may on occasion, send you product related or marketing surveys via email. It is important to note that these mails will never ask you for Internet Banking log in details or personal information.
Fraudulent emails that are currently in circulation include:
Customer Record Updates: these mails advise that you will be required to provide AIB with proof of identity and address; otherwise you will be unable to access your accounts from a specified timeframe
SCA Activation: these emails ask you to click on a website in order to activate Strong Customer Authentication to prevent your account from being locked
Secure Message: you will be asked to click on a message to view it.
The emails also include a false link to log into your online banking.
THESE EMAILS ARE NOT FROM AIB.
Examples of some other fake messages in the fraudulent emails are:
“We inform you that your SCA is not set up yet. In order to use your Online Banking Service, you will have 24 hours to set up your SCA.”
“Your Internet Banking account has expired. Renew your account information NOW. Please download and complete the attached form.”
“Your AIB Online Banking Access is suspended.”
“Please be informed that we send emails asking you to verify your account maximum three tome a year.”
Text Message Fraud
Text Message Fraud is a common technique used by fraudsters in an attempt to obtain your personal banking and card information for the purpose of identity theft or financial gain. The fraudsters send text messages that appear to come from your bank or from legitimate businesses in an attempt to fool you into supplying your personal details.
These text messages can appear within a genuine thread of messages and will request that you log in to a fake website or call a number. This type of scam can be referred to as ‘SMiShing’.
NEVER disclose your Registration Number or Personal Access Code (PAC) or Card information after clicking a link in a text
NEVER generate codes from your AIB Card Reader that is requested from a test message.
If you have received a fraudulent text and disclosed any information, please contact us immediately.
NOTE: AIB may on occasion, send you product related or marketing surveys via SMS. It is important to note that these text messages will never ask you for Internet Banking log in details or personal information.
Buyer Beware - Loan Scams
AIB have been made aware of a “Payday Loan” scam currently targeting our customers. Reports received indicate the following key details:
Payday Loan application is made online (Fast Online Credit, Bluestone Finance, Deccan Loans)
Customers are requested to input IBAN for loan application approval
Upon loan approval, customers will be requested to make an advanced payment - this may be for PPI or to build credit rating
Loan repayments will be requested to be paid through alternative payment channels, for instance: Western Union, Coinbase, TransferWise, Game Stop vouchers, iTunes Vouchers.
Not all of these elements will appear in every attempted loan application, as details vary, but the overall theme remains constant.
If suspicion arises:
DO NOT make any further payments
DO NOT withdraw or transfer any funds received into your account from an unknown third party
Cease contact with the fraudulent loan company immediately.
If you believe you have been a victim of the scam, please contact us immediately.
Malware (Trojans and Viruses)
Malware is short for ‘malicious software’. The effects of malware can vary widely depending on what it is designed to do. Some cause little or no damage, while others can be very dangerous and deliberately target customers who bank online.
Banking specific malware can gather personal or security information entered on the infected PC/laptop/phone. Such malware can gain access to the device when the user is tricked into opening or running an infected attachment they have received from a seemingly legitimate mail, through an infected file they have downloaded or even by visiting an infected website.
How you can identify Malware threats or fraudulent attempts to obtain personal details while banking online?
The signs to look for include:
Pop-up windows on Internet Banking asking you to key details into your Internet Banking Card Reader, and
Requests on Internet Banking to confirm your identity with your credit/debit card details (see the sample screen shot below)
For more information on staying safe online go to: https://www.getsafeonline.org/nca/
Advanced Fee (419) Fraud
Advance fee fraud or ’The 419 (four-one-nine) fraud’ as it's also known, is a method by which a fraudster attempts to trick you into supplying 'up-front' money to secure your involvement in their specified transaction. There are many variations of this type of fraud.
How does Advanced-Fee (419) Fraud work?
You would first receive an unsolicited communication (e.g. fax, email, letter or website) concerning an individual, business or government entity wanting to get money out of the country
These communications (e.g. websites, letters, emails or faxes) often look very similar to those of a reputable institution
The fraudster then contacts you directly offering to transfer money into your bank account in exchange for a small fee
If you respond to the initial offer, you may receive ‘official looking’ documents to complete.
Typically, you are then asked to provide a blank letterhead and your bank account details, in addition to money to cover the transaction, transfer costs and attorney's fees
The fraudster will then quickly move your money to an offshore account and then move on to their next victim.
How to recognise Advanced-Fee (419) Fraud letters
They generally include requests for ‘up-front’ money to secure your involvement in their transaction. Hence the name: ‘advanced fee fraud’
They are generally marked ‘urgent’ or ‘confidential’
They often promise millions of dollars for your help, once the transaction is completed
They always have a scheme or a reason for contacting you, examples include:
- An inheritance that is tied-up
- Diamonds in boxes that they need to get out of the country
- Millions of dollars in boxes that they need to get out of the country
- Money ‘frozen’ by government
- Excess oil or other merchandise
Most 419-fraudsters present themselves as individuals such as doctors, lawyers, sons of ex-generals and other important persons, to trick you into thinking they are respectable and trustworthy individuals
They are always seeking a foreign ’partner’ to help them
They will ask for personal information about you, such as:
- Personal or Business letterhead
- Banking information
- Personal telephone number.
What should you do if you suspect a 419 scam?
Delete the email, destroy the letter or fax. Although they may look like it is addressed specifically to you, they will have been sent to many people.
SIM Swap Fraud
What is SIM Swap Fraud?
The objective of these fraudulent SIM swaps is mainly to intercept messages sent by SMS for banking transactions over the Internet.
Fraudulent SIM swap is a mobile device specific fraud where the fraudster approaches your mobile service provider pretending to be you and requests that the existing mobile number be assigned to a new or ’replacement’ SIM card. Once the SIM swap request has been processed, the fraudster is able to access the new SIM card and may divert calls and receive your SMS notifications. With texts and calls now routed to the ‘new’ SIM card, the fraudster is able to access any unique codes sent by the bank to access people’s bank account. This scam will be used in conjunction with other Common Frauds and Threats such as a Phishing or Vishing attack’s as described above.
To safeguard against SIM swap fraud, we suggest that you follow these simple steps to help stay secure:
Never disclose any sensitive or personal information such as log in details, bank details, passwords or passcodes to any source
Never ignore an SMS message alerting you to a pending SIM swap request on your account or if you suddenly cannot make or receive calls or messages. Contact your mobile provider immediately and enquire whether a SIM swap has been processed on your number
Protect your mobile device via password (use strong passwords that would not be easy to guess) or biometric security (fingerprint). Where possible, set the screen auto-lock timer to activate after just a few minutes of inactivity
Disable automatic connections. Some devices automatically allow connections to available Wi-Fi networks, and Bluetooth devices may connect and transmit data without your knowledge
Consider using your manufacturer’s applications which allow you to find and track your device if lost. These applications also give you the option of locking or wiping your phone remotely if required
Do not open emails from unknown sources – even if these appear legitimate or authentic and seem to come from your banking institution
Never follow a link provided to you in an email to access the Internet Banking site for your banking institution. Instead physically type the address into the browser address bar.
If you suspect that you have been a victim of SIM swap fraud, contact your mobile provider immediately.
Text Alerts for AIB Credit and Debit Cards
From September 2015, AIB will text you if we see suspicious activity on your Credit or Debit card.
The text will come from +353873700700. This is a number for texting only and it won’t answer if you ring it. We will identify ourselves straight away as ‘AIB’ and will not ask you for any personal information, account numbers or PIN numbers. You will be asked to confirm whether or not you made a transaction with a ‘Y’ or ‘N’ reply. If you are not happy to answer the text, contact us on the number on the back of your card.
For more information, click here
Adware and Pop-Up Windows
Pop-up windows are the small windows or adverts that can appear suddenly over or under a browser window. Pop-up windows can be used to obtain personal information from an unsuspecting user. Fraudsters can also use fake ads to fool you into visiting a fake website and supplying your personal details.
Please note: Pop-up windows can be legitimately used by some websites/offerings, such as ’Verified by Visa’ and ’MasterCard SecureCode’.