Phishing War Targeting Customers of Bank of Ireland
Almost all spam emails, which were intercepted by ESET Ireland in the last week, belonged to types of this phishing campaign. Irish mailboxes are targeted by the emails, which claims claim that user's 365 online services account is going to be suspended or expired, until user clicks the link and activates it again.
As per the email, for confirming the enrollment, the user must have to sign on prior to 26th January, 2017. The email further states that "for your security, your Bank of Ireland 365 online services access is due to expire if you have not signed on by the date above. If you signed up for Bill Pay, your Bill Pay service, including any pending payments or payee information, will also be canceled at that time."
The link contained leads to the website that is register in Indonesia, which almost looks like the exact version of the genuine Bank of Ireland 365 Online website and needs user to "log in" (the irony is, it even warns victim to not become prey of the phishing scams).
However, the warning actually tricks user to consider the email genuine and reveal its 6-digit 365 pin, user ID, last 4 digits of contact number, email address, name, date of birth, address, town, and various other details which allow cybercriminals to logged into the user's account; and also provide them access to victim's credit card no., security code, expiry date, etc. isBuzz news posted on January 27th, 2017, stating that after submitting all sensitive information to cybercriminals, they "process the request" and then redirect victim back to actual website of Bank of Ireland.
As the websites and emails appear so convincingly genuine, the users have to be very careful, so that they do not mistake them as real Bank of Ireland communication. The bank themselves provides extensive advice on its official website for identifying and protecting the users against such phishing scams.
ESET Ireland advises users to be careful from doubtful mails, stay away from clicking the links or the attached files within emails, call bank when they are not sure, and also warn other users to remain careful.
» SPAMfighter News - 01-02-2017