New email scam targets BoI credit card customers

25 May 2011

Scammers have come up with a new trick aimed at parting Bank of Ireland customers from their credit card details and PIN numbers by taking advantage of heightened awareness around online security.

The newly discovered spam emails pretend to come from the bank and brazenly ask users to enter their card details, the expiry date and pin numbers in an activation file that comes attached to the message. This is supposedly to activate their current credit card online in order to receive a new card, when in reality it sends those details to cyber criminals who can use the cards themselves or sell the numbers in underground forums.

On its website, Bank of Ireland states that it never asks for security or account information by email. Although the scam shows a good grasp of social engineering to try and fool people, there are still a couple of telltale signs, including misspelled words in the email. The full text of the spam mail reads as follows:

You will soon receive a new Credit Card

It replaces your current Credit Card.

Dear Member,

To protect you and your credit, Bank of Ireland is constantly monitoring accounts for fraudulent activity. During a recent security review, we identified your credit card number as being at risk for unauthorized charges.

Your account security is a top priority for us, so we are taking the proactive step of issuing you a new credit card.

Your new credit card should arrive in the mail in the next 7-10 bussines days. As soon as you receive it, activate it immediately, then destroy your current card.

To continue using your current card untill the new card will arrive in the mail please download and complete the form attached to this email.

Bank of Ireland 365 Online Security Information.htm

Thank You

Jan A – Bank of Ireland Security Department

Urban Schrott, cyber crime analyst with ESET, said scammers are using online security as a cloak for their latest cons. “The newer twist is mainly in the cyber criminals’ using concerned language ‘we identified your credit card number as being at risk for unauthorized charges’ and ‘Your account security is a top priority for us, so we are taking the proactive step of issuing you a new credit card’, which is actually playing the card of raised awareness about computer security,” he said in a statement.

“Since IT security experts’ efforts are focused at raising awareness about online dangers, the bad guys have recognised computer users are paying more attention to their safety and so a message that appears like a security advisory from a ‘Security Department’ is more likely to be followed.”

Gordon Smith was a contributor to Silicon Republic

editorial@siliconrepublic.com