Subscribe

How those text 'smishing' scams work

Fraud Birthday
/ 14th July 2022 /
George Morahan

Bank of Ireland has warned customers of a new wave of fraudulent text messages currently in circulation, whereby fraudsters use victims' card details to set up Apple Pay and Google Pay accounts.

The bank has experienced a spike in 'smishing', where text messages purporting to be from organisations such as An Post and government agencies like the HSE and Revenue are sent with the intention of defrauding consumers.

People who then click the link included in the messages are then directed to websites where they are asked for their card or online baking details, which are then used to set up Apple Pay or Google Pay on the customer's card or to set up the customer's online banking on a new device.

If the customer gives away the genuine 'one time passcode' sent by Bank of Ireland to confirm the set-up, the fraudster can then access the customer’s account.

Bank of Ireland's fraud prevention team has detected a 50% increase of smishing cases during the last month since the introduction of this tactic.

In Association with

"Fraudsters tend to use a range of tactics that have been the subject of regular warnings for some time. When a new variation on a familiar theme crops up, this is a cause for real concern, and we are warning customers to be extra vigilant.," said Edel McDermott, head of fraud at Bank of Ireland.

Smishing
Banking of ireland
Bank of Ireland has warned customers of a new smishing scam. (Pic: Getty Images)

“Text messages appearing to be from third parties like delivery companies or government agencies should be treated with caution and verified accordingly.  Following fraudulent links in these texts is leading to customers disclosing card details, and then having Apple or Google Pay set up on their card, generating a genuine One-Time Passcode from their bank.

"When this Passcode is then disclosed, this allows fraudsters full access to the customers’ account. Customers should never share this Passcode with anyone, even if they say they are from Bank of Ireland.” 

The bank advised customers to never click on or respond to any SMS messages that are designed to appear as if they were sent by the bank or other businesses or service providers, and remember that Bank of Ireland will never send a text with a link to a site that asks for your login details or passcode.

Bank of Ireland also said for customers to never share their one-time passcode to set up Apple Pay or Google Pay on their card with anyone, even if they say they are with Bank of Ireland, and to email a screenshot of any suspicious texts to 365security@boi.com before deleting them.

Anyone who thinks they have given away their banking details should call Bank of Ireland's 24/7 freephone line on 1800 946 764.

(Pic: Getty Images)

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram