Online Services Security Centre
Common Frauds and Threats
Our Online Banking services are a safe and convenient way to manage your finances, but you need to take care to guard against Internet fraudsters. It is important that you are aware of potential fraud attempts that originate from the Internet. Below please find information on the most common threats and frauds:
Vishing (Telephone or Voice Fraud)
Vishing uses social engineering over the telephone to gain access to private personal and security information. The term is a combination of ‘voice’ and phishing. It is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
The caller will advise that they are technical support staff from a major phone or computer software company and noticed from their records that you might need to have your computer updated. They usually include a threat, such as telling you that your system is about to collapse or that all of your passwords and security keys are going to be made known in the public domain, unless you perform the required upgrade etc. They may even attempt to coerce you to allow them remove access to your computer.
** It is important to note that the caller may use this opportunity to install virus on to your computer in order to obtain your personal details.
Other types of Vishing are calls purporting to be from AIB (NI) / Allied Irish Bank (GB)/ different companies or advising that you have won or inherited money.
If you are asked for money upfront to release money, it’s probably a scam!
Phishing is a common technique used by fraudsters in an attempt to obtain personal and security information for the purpose of identity theft or financial gain. The fraudsters use email messages that appear to come from legitimate businesses in an attempt to fool you into visiting a fake website and supplying your personal details. Financial institutions are frequently targeted by these types of attacks.
AIB (NI) / Allied Irish Bank (GB) may on occasion send you product related or marketing surveys via email. It is important to note that these mails will not ask you for Online Banking login details or personal information.
Examples of some fake messages in the fraudulent mails are:
“Your Online/Internet Banking account has expired. Renew your account information NOW. Please download and complete the attached form.”
“Your Online Banking Access is suspended.”
“Please be informed that we send emails asking you to verify your account maximum three times a year.”
Fraudsters are committing man-in-the-middle vishing scams to exploit genuine bank account details and security information which enables them to make unauthorised payments to bank accounts under their control.
Generally, victims are contacted by a text, letter or email purporting to be from their bank, which requests that the victims contact them on a telephone number provided.
The victim phones the number provided, and the suspect then redirects them to the bank; however as the call has been redirected, the criminals have the ability to record and listen to this call as it is being made, gaining all the victim’s security answers and personal details.
The criminals then phone the bank at a later date purporting to be their customer and exploit the genuine credentials and security information gained to request a range of payments to be made from the account(s).
- Never provide personal or financial details to an unsolicited caller.
- Always contact us on a trusted number found on our website or correspondence that is known to be authentic, such as a statement. Do not call the number provided on the text, letter or email without first confirming that it belongs to us.
- If you have concerns about the validity of the caller, please hang up and contact us to request confirmation of any possible communication made by us, prior to giving out any personal details.
Advanced Fee (419) Fraud
Advance fee fraud or ’The 419 (four-one-nine) fraud’ as it's also known, is a method by which a fraudster attempts to trick you into supplying 'up-front' money to secure your involvement in their specified transaction. There are many variations of this type of fraud.
How does Advanced-Fee (419) Fraud work?
You would first receive an unsolicited communication (e.g. fax, email, letter or website) concerning an individual, business or government entity wanting to get money out of the country
These communications (e.g. websites, letters, emails or faxes) often look very similar to those of a reputable institution
The fraudster then contacts you directly offering to transfer money into your bank account in exchange for a small fee
If you respond to the initial offer, you may receive ‘official looking’ documents to complete. Typically, you are then asked to provide a blank letterhead and your bank account details, in addition to money to cover the transaction, transfer costs and attorney's fees
The fraudster will then quickly move your money to an offshore account and then move on to their next victim.
How to recognise Advanced-Fee (419) Fraud letters
They generally include requests for ‘up-front’ money to secure your involvement in their transaction. Hence the name: ‘advanced fee fraud’
They are generally marked ‘urgent’ or ‘confidential’
Often they promise millions of dollars for your help, once the transaction is completed
They always have a scheme or reason for contacting you, examples include:
- An inheritance that is tied-up
- Diamonds in boxes that they need to get out of the country
- Millions of dollars in boxes that they need to get out of the country
- Money ‘frozen’ by government
- Excess oil or other merchandise
Most 419-fraudsters present themselves as individuals such as doctors, lawyers, sons of ex-generals and other important persons, to trick you into thinking they are respectable and trustworthy individuals
They are always seeking a foreign ’partner’ to help them
They will ask for personal information about you, such as:
- personal or business letterhead
- banking information
- personal telephone number.
What should you do if you suspect a 419 scam?
Delete the email. The email, although it may look like it is addressed specifically to you, will have been sent to many people.
Malware (Trojans and Viruses)
The effects of malware can vary widely depending on what it is designed to do. Some cause little or no damage, while others can be very dangerous and deliberately target customers who bank online. Banking specific malware can gather personal or security information entered on the infected PC/laptop/phone. Such malware can gain access to the device when the user is tricked into opening or running an infected attachment they have received from a seemingly legitimate mail, through an infected file they have downloaded or even by visiting an infected website.
Watch the AIB security demo video.
SIM Fraud Swap
What is SIM Swap Fraud?
Fraudulent SIM swap is a mobile device specific fraud where the fraudster approaches your mobile service provider pretending to be you and requests that the existing mobile number be assigned to a new or ’replacement’ SIM card. Once the SIM swap request has been processed, the fraudster is able to access the new SIM card and may divert calls and receive your SMS notifications. The objective of these fraudulent SIM swaps is mainly to intercept messages sent by SMS for banking transactions over the Internet. With texts and calls now routed to the ‘new’ SIM card, the fraudster is able to access any unique codes sent by the bank to access people’s bank account. This scam will be used in conjunction with other Common Frauds and Threats such as a Phishing or Vishing attack’s as described above.
To safeguard against SIM swap fraud, we suggest that you follow these simple steps to help stay secure:
- Never disclose any sensitive or personal information such as login details, bank details,passwords or passcodes to any source
- Never ignore an SMS message alerting you to a pending SIM swap request on your account or if you suddenly cannot make or receive calls or messages. Contact your mobile provider immediately and enquire whether a SIM swap has been processed on your number
- Protect your mobile device via password (use strong passwords that would not be easy to guess) or biometric security (fingerprint). Where possible, set the screen auto-lock timer to activate after just a few minutes of inactivity
- Disable automatic connections. Some devices automatically allow connections to available Wi-Fi networks, and Bluetooth devices may connect and transmit data without your knowledge
- Consider using your manufacturer’s applications which allow you to find and track your device if lost. These applications also give you the option of locking or wiping your phone remotely if required
- Do not open emails from unknown sources – even if these appear legitimate or authentic and seem to come from your banking institution
- Never follow a link provided to you in an email to access the Internet Banking site for your banking institution. Instead physically type the address into the browser address bar.
- If you suspect that you have been a victim of SIM swap fraud, contact your mobile provider.
SMS (Text Message Fraud)
Text Message Fraud (SMiShing) is a common technique used by fraudsters in an attempt to obtain personal and security information for the purpose of identity theft or financial gain. The fraudsters send text messages that appear to come from legitimate numbers in an attempt to fool you into supplying your personal details.
Text Alerts for AIB (NI) Credit and Debit Cards
From September 2015, AIB (NI) will text you if we see suspicious activity on your credit or debit card.
- For Debit Cards the text will come from +447537414900;
- For Consumer Credit Cards the text will come from +447537414532; and
- For Commercial Credit Cards the text will come from +447537414534.
For more information, click here.
Adware and Pop-Up Windows
Pop-up windows are the small windows or adverts that can appear suddenly over or under a browser window. Pop-up windows can be used to obtain personal information from an unsuspecting user. Fraudsters can also use fake ads to fool you into visiting a fake website and supplying your personal details.
Please note: Pop-up windows can be legitimately used by some websites/offerings, such as ’Verified by Visa’ and ’MasterCard SecureCode’.