Scam victims conned into paying an average of €1,700 to fraudsters

Smishing relates to phony mobile phone text messages aimed at tricking a person into opening a malicious attachment or hyperlink on their device.

Often the messages, which can appear to be completely authentic, will instruct the receiver to “verify” or “reactivate” one of their online accounts, usually their online banking, Revenue, or a streaming service account. In other instances, scammers send messages made to look like notifications from delivery companies .

If the victim does click on the link embedded in the message, the scammers will either install harmful software (malware) on the phone remotely or use a cloned website to copy sensitive information such as a password or Pin number, banking information, PPS number, or Eircode.

Also since January, invoice fraud has caused average losses of €14,000, says FraudSMART. In one case, an unnamed business was conned out of €50,000.

With both Ulster Bank and KBC exiting the Irish market later this year, FraudSMART is launching a new information and awareness campaign urging consumers and business switching banks to be on high alert for impersonation-type scams. 

“Fraudsters are experts at taking advantage of changing situations to commit fraud and with two retail banks leaving the Irish market and hundreds of thousands of personal and businesses customers moving bank accounts, FraudSMART members are anticipating a rise in impersonation fraud attempts which will be based around the process of verifying and updating bank account details," said head of financial BPFI and FraudSMART lead, Niamh Davenport.

“For personal customers, we expect fraudsters will use this account transition period to obtain personal information through the guise of a problem with a customer’s new account set-up or switch."

Ms Davenport says people should be on the lookout for text messages "that flag fraud on your bank account or impending cancelation of your salary, standing orders, or direct debits to utilities and which then go on to ask for personal information or account details".

She says people should be alert to phony texts, emails, and calls, even those purportedly coming from "trusted organisations such as your bank, utility company, streaming service, mobile provider, or your employer's HR department”.

According to the BPFI, over 70,000 business are due to move their bank accounts before the end of the year, potentially exposing them to invoice fraud. 

"With so many businesses who will now be legitimately changing their account details, this provides the perfect opportunity for criminals to take advantage.” 

As part of its new campaign, BPFI and FraudSMART have issued the following advice to consumers:

• Do not respond to any messages with personal information;
• Do not click on links or follow directions from somebody on a call without verifying first;
• A bank will never text/email/phone looking for personal information;
• Contact your bank/service provider/employer directly;
• Never use contact details from a text message, always independently verify;
• Always double-check before clicking links or attachments in random or unexpected emails or texts and never give away security details such as Pins or passwords to anyone.

To prevent invoice fraud, business are advised to:

• Verify the fundamental banking changes by contacting a known contact in the company directly, using contact details held on record or a contact number on the company’s website;
• Have a verification process in place before changing saved bank account details of your suppliers or service providers;
• Inform employees of this fraud so they are alert to it and can avoid it. 

Practical advice for employees:

• The first contact may inform you of a change in bank account details but not request payment. This ensures that all future payments are sent to the new account;
• Do not use the contact details on the letter/email requesting the change as these could be fraudulent;
• Look out for different contact numbers and email addresses for the company as these may differ from those recorded in previous correspondence;
• Consider setting up designated Single Points of Contact with companies to whom you make regular payments;
• Fraudsters can change an email address to make it look like it has come from someone you email regularly. Look out for different contact numbers and/or a slight change in the email address, for example, .com instead of .ie, as these may differ from previous correspondence.

“As we launch our campaign this week which people will hear on the radio as well as see online and via social media, our key message, be it to consumers or business, is to take your time, never click on links in texts or emails, and verify any communication, text or email, and do so by using contact details you have on file, the back of your bank card, or via a website directly," said Ms Davenport.