BANK customers have been warned of a new wave of fraudulent text messages in circulation.
The scammers try to use customers’ card details to set up Apple Pay and Google Pay accounts.
Bank of Ireland said it has experienced a spike in this smishing scam where fraudsters send fake text messages that appear to come from delivery services including An Post or government agencies including the HSE and Revenue.
Customers who click on the links in the text messages are then redirected to fake websites where they are asked for their card or online banking credentials.
Scammers use this information to set up Apple Pay and Google Pay on the customer’s card or to set up the customer’s online banking on a new device.
If the customer gives away the genuine “one-time access code” sent by Bank of Ireland to confirm the installation, the fraudster can gain access to the customer’s account.
The bank said the number of smishing cases discovered by its fraud prevention team has risen by 50 percent.
Usually customers get a message pretending to be from An Post that says: “Your package is ready for delivery. Please pay the outstanding amount via this link…”
Other posts pretend to be from the HSE and say, “You’ve been in close contact with someone with Covid.
Follow the instructions here to order a test…”
When the customer clicks on the link, he is taken to a fake website that gives him some personal information and his credit or debit card number.
The fraudster then uses the customer’s card details to set up an Apple Pay or Google Pay account.
The customer then receives a genuine one-time access code from the Bank of Ireland to confirm the Apple Pay or Google Pay setup, but then gives the code to the fraudster on the phishing website.
Where customers have been stopped part of the way through the scam process, they may then receive a phone call claiming to be from the Bank of Ireland in an attempt to get bank details and the one-time access code, the bank said.
Those calls often look like they are coming from genuine Bank of Ireland numbers, as the fraudster could spoof the number that appears on your display.
Fraud chief at Bank of Ireland Edel McDermott said: “Fraudsters tend to use a range of tactics that have been the subject of regular warnings for some time.
“When a new variation on a familiar theme emerges, we are very concerned and we are warning customers to be extra vigilant.
“Text messages that appear to be from third parties, such as delivery companies or government agencies, should be treated with caution and verified accordingly.”
The bank has advised customers not to click on links or respond to text messages designed to appear to have been sent by the bank or other companies and service providers.
Ms McDermott said Bank of Ireland will never text customers with a link to a website asking for online banking login details or one-time access codes.
Anyone who believes they have given away their bank details should immediately call the Bank of Ireland 24/7 toll-free telephone line on 1800 946 764.