On Friday 12 May 2017 an unprecedented ransomware attack, using malware known as WannaCry, spread globally within hours and affected thousands of businesses in at least 150 countries. It’s target? Any Windows computer where the available security software updates (or patches) had not been fully applied.  What’s different about this strain of malware is that it is a ransomware ‘worm,’ allowing it to spread as far as possible, as quickly as possible.  
 
What is ransomware?
 
Ransomware is a type of malware that prevents the victim from accessing many files on their PC and on any fileshares they are connected to. Unusually, in this instance, a user’s PC is typically infected by another infected PC, through the PC’s network connection, or via a Wireless Network. The malware uses advanced hacking methods to enable an infected PC to identify, attack and infect other PCs on the network. 

Once the malware has “wormed” its way onto the user’s PC, it begins to encrypt all data files on that device.  When the encryption is complete, a blocking screen appears, ordering the user to pay a ransom in order to regain access to their files with a decryption key within a set time period. In the case of WannaCry, this ransom was $300 (€275) in Bitcoin for each device affected, if paid within 3 days.

While WannaCry was infecting the user’s PC, it was also busy searching for other unpatched Windows PCs to infect as well. It is this feature which has enabled it to spread so fast across the globe, especially in large corporate companies with machines linked together in the same network.

Guidance for home and business

There are a number of easy-to-implement steps you can take to help protect yourself and/or your business against a ransomware attack:

• DO NOT click links in suspicious emails or download unsolicited email attachments.
• If you receive an email from a known sender, but with an unusual link or attachment, contact them first to confirm the legitimacy of the email.
• If you receive a suspicious email in relation to your Bank of Ireland accounts, forward it as an attachment to [email protected] immediately.
• Be careful when accessing websites; do not click on advertisements as they could contain malicious software.
• Ensure your anti-virus software is up to date.
• Always run your computer or network on the most up to date version of the operating system.

 
In light of the recent and ongoing global cyber attacks, Bank of Ireland has taken additional precautionary security measures to safeguard Bank and customer information. These measures are based on the cyber threat intelligence available to the Group from a range of trusted sources, and include rigorous inspection of all incoming communications to the Bank. This may mean that there is a delay in us receiving emails with attachments that are sent into the Group. We apologise for any delay and inconvenience this may cause, however we always take the security of our customer information seriously and are taking these additional steps during this period of heightened alert. We would like to thank customers for their patience during this time.

Protect yourself 

In addition to the general guidance above, you should take the following step to protect yourself:

• Set your Windows Update settings to automatically update (and apply patches) as early as possible.

Protect your business

In addition to the general guidance above, you should take the following steps to protect your business:

• Apply security patches as soon as possible after they become available.
• Back up your data.  You can’t be held to ransom if you hold your data somewhere else.
• Review and restrict accesses to your network on a needs basis.
• Ensure you have a firewall enabled on your network.

If you are affected

• If you think you have been the victim of a ransomware attack and your data files have become infected, the general advice from law enforcement agencies is not to pay the ransom.  
• It is also advised that you disconnect infected computers from your business network immediately to stop the spread of infection to other computers in your network.
• Contact your security service provider if you have one, or seek professional advice from a security service provider. 

Helpful sites

The Business Continuity Institute – www.thebci.org  
 
Ransomware is a very real and current threat.  The scale and speed of the WannaCry attack globally reinforces the importance of being prepared and having the right defences in place.

We are aware of a recently publicised customer data incident involving Wonga.
 
We are working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.
 
We have received information from Wonga on customers who may have been affected by this incident and will provide advice to them on how to keep their Bank accounts safe. 

We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

The purpose of this alert is to raise awareness of a phishing scam targeted at students in UK universities.

The phishing campaign claims that the student has been awarded an educational grant as part of a student support programme. The email example below purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.

Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials. 

Protection and Advice

• Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
• An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
• If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
• If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
• Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
• If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact the bank and report it to Action Fraud. 

Purpose of Memo:

The Bank wishes to alert customers and members of the public to a scam that is currently active in the marketplace.

Consumers are receiving telephone calls from persons claiming to be security engineers from a major computer company (they’re not!), or working on behalf of a major international computer company (they don’t), to tell them they have a virus on their computer (not true!).
 
Key Points:

• Consumers are cold called by someone claiming to be from a computer firm and told there is a problem with their computer and offering help to solve the computer problems.
• Once the caller has gained the consumer’s trust, they ask the consumer to log onto a website to download a file to help solve the problem, or
• The caller may ask the consumer to allow them online access to the consumer’s PC so that they can run a quick scan.  Having done so, many victims report seeing the cursor on screen being manipulated by the caller as he/she configures the consumer’s PC.
• The caller will then ask for the victim’s credit card details in order to ‘purchase’ a software package which will fix the virus.  They also potentially attempt to steal from the victim by accessing personal information on their computer.  In addition to gaining access to personal details, they can also infect the computer with damaging viruses and spyware.

 
Detail:

Customers and members of the public are encouraged to treat all such unsolicited phone calls with scepticism and not to provide any personal banking information (including Credit Card details) to anyone over the phone or online in response to these calls.

Anyone who receives an unsolicited call from a person claiming to be from a computer firm or a PC Repair business should hang up.  Legitimate business firms do not make these kinds of calls.

Police intelligence suggests that such calls originate from Asia and Africa and the phone numbers quoted are usually fake.  It is believed that auto-dial machines are being used to perpetrate this scam and this has resulted in both customers and businesses (including bank branches) receiving these bogus calls.
 
Action:

If you receive a call from one of these fraudsters,

1. DO HANG UP,
2. DO NOT give these callers online access to your PC,
3. DO NOT give these callers your Credit Card details,
4. DO keep your anti-virus software up to date.

If you suspect fraud has occurred on your Bank of Ireland UK Credit Card, customers can contact 0345 309 8099, option 1.

Bank of Ireland UK is aware of a recently publicised customer data incident involving Vodafone.

We are working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

We have received information from Vodafone on a very small number of customers who may have been affected by this incident and will provide advice to them on how to keep their Bank accounts safe.

We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

Bank of Ireland UK is aware of a recently publicised customer data breach at Talk Talk and is working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

We are awaiting information from Talk Talk on customers who may have been affected by this data breach and will provide advice on how to keep their Bank accounts safe.

We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

Businesses are being warned of a new email scam in which fraudsters impersonate a senior member of their company to deceive staff into transferring money.

The scam involves a criminal sending an email to a member of staff in a company’s finance department which appears to be from a senior colleague, such as the finance director or chief executive, according to intelligence reported to Financial Fraud Action UK. Fraudsters use software which manipulates the characteristics of an email, including the sender address, so that it looks genuine. This means the spoof email appears in the recipient’s inbox in just the same way as a regular email from the same contact. The email requests that an urgent payment is made outside of normal procedures, often giving a pressing reason such as the need to secure an important contract. However, the account to which the payment is made is in fact controlled by the fraudster. Upon receipt of the funds, the money is then quickly withdrawn.

Fraudsters have also hacked the genuine email accounts of senior staff, often on web-based services, before sending the fraudulent emails.

Criminals use publicly available information to gain knowledge of target companies, such as the names of senior staff.

Advice on avoiding this scam:

• Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.
• Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process.
• Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.
• Ensure email passwords are robust.
• Consider whether the email contains unusual language or is written in different style to other emails from the sender.

Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

Bank of Ireland UK is aware of a recently publicised customer data breach at Carphone Warehouse and is working with the relevant authorities to ensure we provide appropriate security advice and protect any customers who may be at risk.

We have recently written to some customers whose information may have been affected by this data breach, and provided advice on how to keep their Bank accounts safe.

We are also liaising with the appropriate regulatory bodies and other authorities where necessary.

Details of the FFA and the recent press release can be found at www.financialfraudaction.org.uk/latest-news.asp

Purpose of Alert:

The Bank wishes to alert Customers and members of the public to the threat of share sale fraud - more commonly known as Boiler Room scams.

Share sale, boiler room, hedge fund or bond fraud involves bogus brokers, usually based overseas, cold calling people to pressure them into buying shares that promise high returns or whose share price is about to ‘go through the roof’. In reality, the shares are either worthless or non-existent.

Boiler room fraudsters are highly trained and use ‘hard sell’ techniques to pressurize investors into making rushed decisions to buy shares which are of little or no value.

If you deal with a share sale fraudster or Boiler Room you’ll almost certainly lose the money you’ve invested and you won’t have any right to claim compensation under the Financial Services Compensation Scheme, as the Boiler Room firm is NOT AUTHORISED as an investment firm by the Financial Conduct Authority.

Key points:

Most Boiler Room scams start with an UNSOLICITED phone call, in which a professional sounding ‘stockbroker’ offers you a fantastic investment opportunity.

These salespeople are persistent and are trained in dealing with any objections or questions, they specialize in using high pressure ‘hard sell’ tactics in order to persuade victims to agree to buy shares, they will often claim that by agreeing to buy the shares you have ‘entered into a contract’ to do so.

They will urge you to be discreet and not to tell anyone else about the deal, this enables them to continue cold calling hundreds of other potential victims while the scam is running.

In order to appear legitimate, firms will often have websites which look professional, they may provide official-looking documentation and share certificates, all these are ultimately worthless.

As most Boiler Rooms are based overseas you will be asked to send your “investment” by International Payment, you will probably never get any money back.

Remember: if it looks too good to be true, it probably is!

Advice for Customers:

If you receive an UNSOLICITED call from a person who offers you an opportunity to invest in shares HANG UP.

Genuine UK investment firms are authorised by the Financial Conduct Authority. If you wish to check whether a firm is authorised you may do so on their website:

http://www.fca.org.uk/firms/systems-reporting/register

If in doubt, refer your query to a Qualified Financial Advisor who is known to you – explaining why you are concerned.

If you think you may have been duped by a boiler room scam you should report it to the Financial Conduct Authority and to the Police.

Recovery Fraud:

People who have lost money on Boiler Room scams may subsequently find themselves being targeted in a ‘recovery room’ fraud, where the victim receives a call from a firm who will claim that they can help to recover the lost investment monies.

This however, is simply another part of the boiler room scam and the ‘recovery’ firm will request upfront payment of substantial fees before they handle your case, again this is just another way of scamming more money from victims.

Please see below for details on recent fraud alerts.

• Fraudsters using spoof bank texts in a new scam
• Malicious Software
• Pension Liberation
• Scam Calls
• Fake PC Support Calls
• Fraud against the elderly
• Money mules (job vacancies)
• Lottery fraud

FRAUDSTERS USING SPOOF BANK TEXTS IN A NEW SCAM

The Press Office of Financial Fraud Action UK have put together a SMS Spoofing scam alert on behalf of the banking industry, this was released to the public on 9^th June and the media coverage of the alert has been extensive and very successful. This fraud alert is to make customers aware of this new scam.

Key Points:

• Criminals are using spoof text messages which appear to be sent from their victim’s bank in a bid to steal personal or financial information.
• The scam text messages claim that there has been fraud on the recipient's account or that the account details need to be updated.
• The texts encourage people to call a number or visit a website, often claiming the matter is urgent. However the telephone number or website is actually controlled by the fraudster, enabling them to steal security details which can be used to access the victim’s bank account and steal money.
• To make the texts seem authentic, fraudsters use specialist software which alters the sender ID on a message so that it appears with the name of a bank as the sender. This can mean that the text becomes included within an existing text message thread on the recipient’s phone.
• Through a second route the fraudsters take, the texts warn that the recipient will soon receive a call from their bank’s fraud department. However it is actually the fraudster that then calls the victim and attempts to trick them into revealing their full security details.
• Intelligence also suggests that fraudsters are sending scam texts which appear to be from a landline number, asking the recipient simply to call their bank. This is in the hope that the victim will phone the number from which the text was sent, which is controlled by the fraudster, rather than the bank’s regular customer service telephone number.

Advice:

Financial Fraud Action UK’s advice on how to avoid becoming a victim of this scam:

• Be suspicious of any text message that asks you to provide sensitive personal information, passwords or to make transactions.
• If you’re asked to call the number given in the text message and the number is unknown to you or suspicious, call your bank on a number that you trust – such as the one on the back of your card – to check the number and message is authentic.
• Do not call the phone number a text message has been sent from; instead call your bank on a number that you trust.

Remember your bank will never:

• Phone you to ask for your 4-digit card PIN or your online banking password, even by tapping them into the telephone keypad.
• Ask you update your personal details by following a link in a text message.
• Tell you over the phone how to respond to a text message confirming a transaction.
• Ask you to transfer money to a new account for fraud reasons, even if they say it is in your name.

MALICIOUS SOFTWARE

The National Crime Agency ‘NCA’ (UK) recently issued an alert in relation to Malicious Software (Malware). This arises from the identification and shut-down by international Law Enforcement authorities of over 1m compromised computers (a ‘botnet’). The Agency is advising the public that they have two weeks before hackers regroup and recommence their criminal activities against unsuspecting and unprotected computer users.

The authorities indicate that if your computer does not run Windows, then this alert may not apply directly to you. Other problems might though, and in order to keep yourself protected, you should always keep your antivirus up to date.

Advice (particularly for Windows users)

You can protect yourself by:

• Making sure security software is installed on your PC and is kept updated by running scans
• Check that your computer operating systems and applications are up to date
• Regularly back up all your files, especially Word, Excel and Powerpoint documents along with your Photos and any other items you would not like to lose. Store this information securely (encrypted) in a separate storage device
• Do not open attachments in emails unless you are 100% certain that they are authentic

For further information Get Safe Online is providing advice, guidance and tools on its website at www.getsafeonline.org/nca

PENSION LIBERATION

Purpose of Memo:

The Bank wishes to alert customers and members of the public to a scam that is currently active.

Detail:

Pension Liberation also known as ‘pension loans’ and ‘pension scam’ is a transfer of a scheme member’s pension savings to an arrangement that will allow them to access their funds before the age of 55. But accessing pension savings before minimum pension age is only possible in rare cases, like terminal illness.

Pension Liberation can result in tax charges and penalties of more than half the value of a member’s pension savings, and those being targeted are usually not being told about the potential tax implications. This is in addition to high charges, typically 20 to 30% for entering into one of these arrangements and high risk investments for the remaining pension savings.

Warning signs

• Unsolicited contact
• Transfer of funds overseas
• Attempts to access pension before the age of 55
• Copy of documentation has not been provided to member
• Member encouraged to carry out transfer quickly
• Receiving scheme not registered/newly registered with relevant Revenue authority
• Member informed there is a legal loophole

 
Action:

The pension Regulator’s five steps to avoid becoming a victim:

1. Never give out financial or personal information to a cold caller
2. Check the credentials of the company and any advisers – who should be registered with the appropriate regulatory authority, e.g. the Financial Conduct Authority.
3. Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then
4. Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice
5. Never be rushed into agreeing to a pension transfer

For further information on Pension Liberation see:

• www.bankofireland.com
• http://www.actionfraud.police.uk/fraud-az-pension-liberation-scam
• www.thepensionsregulator.gov.uk/pension-liberation-fraud 

SCAM CALLS

Purpose of Memo:

The Bank wishes to alert customers and members of the public to a scam that is currently active in the Irish marketplace.

Key Points:

• It has come to our attention that there has been a marked increase in fraudulent calls to mobile phones in recent weeks.
• The phone number on the incoming call appears to begin with "+4212/60". The distinguishing characteristic of the caller’s number is the inclusion of the forward slash.
• While recipient experience in taking the calls varies, answering a call from this number always results in a premium rate charge appearing on the customer's bill.

Action:

Law enforcement intelligence advises everyone to be cognisant of the issues surrounding unsolicited calls from unknown numbers and to be vigilant in this regard.

FAKE PC SUPPORT CALLS

Purpose of Memo:

The Bank wishes to alert customers and members of the public to a scam that is currently active in the marketplace.

Consumers are receiving telephone calls from persons claiming to be security engineers from a major computer company (they’re not!), or working on behalf of a major international computer company (they don’t), to tell them they have a virus on their computer (not true!).
 
Key Points:

• Consumers are cold called by someone claiming to be from a computer firm and told there is a problem with their computer and offering help to solve the computer problems.
• Once the caller has gained the consumer’s trust, they ask the consumer to log onto a website to download a file to help solve the problem, or
• The caller may ask the consumer to allow them online access to the consumer’s PC so that they can run a quick scan.  Having done so, many victims report seeing the cursor on screen being manipulated by the caller as he/she configures the consumer’s PC.
• The caller will then ask for the victim’s credit card details in order to ‘purchase’ a software package which will fix the virus.  They also potentially attempt to steal from the victim by accessing personal information on their computer.  In addition to gaining access to personal details, they can also infect the computer with damaging viruses and spyware.

 
Detail:

Customers and members of the public are encouraged to treat all such unsolicited phone calls with scepticism and not to provide any personal banking information (including Credit Card details) to anyone over the phone or online in response to these calls.

Anyone who receives an unsolicited call from a person claiming to be from a computer firm or a PC Repair business should hang up.  Legitimate business firms do not make these kinds of calls.

Police intelligence suggests that such calls originate from Asia and Africa and the phone numbers quoted are usually fake.  It is believed that auto-dial machines are being used to perpetrate this scam and this has resulted in both customers and businesses (including bank branches) receiving these bogus calls.
 
Action:

If you receive a call from one of these fraudsters,

1. DO HANG UP,
2. DO NOT give these callers online access to your PC,
3. DO NOT give these callers your Credit Card details,
4. DO keep your anti-virus software up to date.

If you suspect fraud has occurred on your Bank of Ireland Credit Card, customers can contact 00 353 1 6798993, option 1.

FRAUD AGAINST THE ELDERLY

Elderly people can be particularly at risk from bogus traders/callers who set out to gain their confidence before taking financial advantage of them.

Typically these people call door-to-door and offer to carry out works such as replacing roof tiles, mending guttering, decorating or they 'convince' the victim that repairs are necessary. Some of these people carry out a little work and charge exorbitant amounts of money for their service. In many cases the work is unnecessary. On completing the work in a very short time, they then demand substantial payment often using threatening and intimidating tactics. In some instances, they offer to drive the victim to the bank to withdraw the cash.

Always remember:

• You should never leave strangers, even bona fide workers, unsupervised in your home
• Never engage a person who insists on cash payments for services offered. Most reputable traders will not ask for money up front. Always use a method of payment which is traceable
• Never sign a blank form for any reason - it could cost you dearly

MONEY MULES (JOB VACANCIES)

Money mules are people recruited by criminals to help transfer fraudulently obtained money from bank accounts. Fraudsters contact prospective victims with 'job vacancy' adverts on the internet, on job search websites or in newspapers. These jobs are usually advertised as 'Financial Manager' or 'Payments Clerk' with no other requirement than having a bank account. The mule accepts the 'job' in good faith and does not suspect that they are being duped into involvement in criminal activity. Once recruited a Money mule receives stolen funds into their account, followed by a request to forward the funds, minus their commission, usually overseas, using a wire transfer service.

Always remember:

• Thoroughly research any work-from-home offer and do not get involved unless you are sure the business is legitimate
• If a job sounds too good to be true, then it probably is

LOTTERY FRAUD

Another scam currently being carried out by various groups of international fraudsters involves victims being contacted by email in which they are advised that they have won the lottery. No ticket purchase was necessary - according to the scammers. The victim is encouraged to pay a fee before the 'winning' lottery cheque is handed over. This scheme is a fraud and you should not become involved or communicate with them in any way as these winnings do not exist.