I didn't say easy to access bank details - that was obviously something deeper. I merely said spoofing the number the text came from - a quick Google search will show you how it is done
How did the scammers use the bank's text number to send the messages? If they were able to get the bank's details to do so that is a serious breach of BOI security.
Some posters suggest that it is a simple matter to send a text from one number that appears to come from another.
I don't find this convincing, if it were a simple matter that could be done without access to the bank's details, surely it would happen more often.
I agree it is offensive. I actually think the older generation / elderly are less trusting of technology which is confused with not understanding technology. The younger generations (myself included) are far more trusting and accepting of technology.
My view is that Bank customers should save themselves from scams and that Banks should support them in doing so. Banks can take care of the technical aspects of cyber security / fraud. However, many of these scams are just variations of social engineering / phishing and will always require a conscious decision which is hard to systematically protect.
I am also of the opinion that if I get a speeding ticket, I can't say that the car manufacturer is to blame for making a car that lets me speed.
I could also argue that the government should be running campaigns to educate people on cybersecurity.
Online banking and other channels are great but they have a responsibility to ensure that the people who use them understand the risks and how they need to be used. Just like they would with any investment. Sending out text warnings or email warnings or putting warnings on Twitter is useless as they don't reach the people that most need to hear the warnings or help on using the system.
How did the scammers use the bank's text number to send the messages? If they were able to get the bank's details to do so that is a serious breach of BOI security.
Some posters suggest that it is a simple matter to send a text from one number that appears to come from another.
I don't find this convincing, if it were a simple matter that could be done without access to the bank's details, surely it would happen more often.
But how?
Do you think people read and absorb more from a generic warning sent to the post? I may be wrong but I believe these are sometimes included with normal correspondence from banks (eg, when getting a new card). I suspect lots of people don't read these and of those who do the details are forgotten after a month or so. People absorb the message "don't fall for scammers on the internet" and "don't give your details" but it does not protect them from very clever scammers who convince them they are legit. Confidence tricksters and fraudsters have always existed but technology gives them a whole new reach. As you say, scammers target everyone they can reach and anyone can be scammed.
It's really quite easy. It's not a breach of BOI security at all. It's a "feature" of SMS and emails - virtually no security about them at all.
This idea that huge amounts of education is needed re cybersecurity is insane. It's the exact same advice it has always been, which is constantly repeated, that even my small children and aged relatives can tell you.....you never click on a link in a text, especially from a bank. Ever. It doesn't take a degree in IT, it doesn't need an advertising campaign.
If you don't know this basic thing by now then you will never know it. Some people can't be taught.
If sms and email is really so insecure, and I have no knowledge to the contrary, then it is a serious fault of the banks that they use them for what should be secure communication.
BOI send transaction verification codes via text message.
Banks (and other services) have historically used SMS as a second factor security but it has long been seen as flawed. Banks are moving away from them and most other services are moving to alternatives - ideally you should remove texts as a second factor for everything and use an alternative second factor.
Banks don't use texts for secure communication (i.e. two way). They don't use them to initiate interaction (i.e. links). They use them for push notifications only. But they are flawed.
Banks spend vast amounts of money every single year to ensure that their own employees are educated on IT security and especially around phishing scams and the dangers of social media. There is a regulatory requirement that every single bank employee at every single level of the organisation is told how to identify spoof URLs, dangers of opening links, password security and even putting personal information on social media. And they need to do it EVERY SINGLE YEAR. The banks do that not because they think that their employees are too stupid to understand basic security, it is because people get complacent around these things. They click and open things they shouldn't. They don't check internet site addresses properly. They don't check e-mail addresses properly.
So banks and other financial institutions are forced to spend time and money on making sure they have done all they can to ensure that their employees understand the risks. After that and an employee opens an e-mail from a porn site that infects his PC or acts on an instruction from a dodgy e-mail, then they can't say they weren't told. Every single employee is made to sign off that they have done the course and passed a basic test.
Meanwhile banks are closing physical branches and forcing all customers into other banking channels like online and phone banking. There is nothing wrong with this business model but it does introduce increased risk of fraud. The fact of the matter is that some people of all ages are better with technology than others. Banks have customers that have banked with them for 40-50 years and might barely own an old style Nokia phone. They have younger customers who are uncomfortable with technology for a number of reasons. It is well established that banks have a duty of care to their customers. Online banking and other channels are great but they have a responsibility to ensure that the people who use them understand the risks and how they need to be used. Just like they would with any investment. Sending out text warnings or email warnings or putting warnings on Twitter is useless as they don't reach the people that most need to hear the warnings or help on using the system.
Even BOI have admitted that they have work to do in this regard but people here seem to think it is offensive that a bank would admit that and that all the 'stupid' people should just run off to 'simpler' banking with their savings books and cash lodgements and withdrawals.
If this leads to BOI and the other banks taking a more proactive stance in warning people about these scams and helping them understand the risks, then I certainly don't know why anyone on a so called consumer website would have an issue with it.
EmmDee,
Under SCA (Strong Customer Authentication) I have noticed that banks like KBC are using texts to verify transactions. This is a relatively new introduction to my knowledge. Is this just a case of them lacking a better infrastructure to have implemented something better under SCA?
By the time a customer has reached their 80s, they have likely paid 6 decades of bank fees.
Companies move to these service models to save money and for no other reason; the least they can do is make their systems easier to use for customers who were children at a time when even TVs were unknown, never mind computers.
Your sense of entitlement is just unbelievable.
Can I add it is not just online banking, the scams come via the phone as well
I have heard many times about people who were "persuaded" to give their personal details and I always said "how stupid these people were to give their details" but this came from a recognised BOI number. When they clicked on the link all their details were presented before them. Everyone who I heard speak about this last week, even one person who was trained to watch out for this kind of behavior got caught by this scam. It was not stupid people at all.
Isn't the whole point of online banking to make the whole process cheaper, but now there is ever more charges
So how much are you willing to pay for this service? Because that is what it comes down to at the end of the day. Say an annual charge of €100 per account for all account holders under 65?