"Bank customers should save themselves from scams"

Until you've been there, I don't think you can fully understand the extreme difficulty modern day customer systems place on our elderly people.

Call centres, not branches, multi-menu systems when you are hard of hearing, advice to use their website or email when you don't own a computer and have no idea how to use one, you talk to a different person every time you ring, diverse accents exacerbate your hearing difficulties, the operator has had zero training in the difficulties elderly people face. Every time the call is transferred, the entire range of security questions is asked again.

I have been on one of these calls, as a support, where there was suspected fraud (thankfully stopped) with an elderly family member and could have wept for the way they were treated.
 
I think there needs to be some level of personal responsibility, but the reality is the retail financial sector has a long history of not taking security seriously.

Until they put properly designed systems in-place that do not leave end-users as vulnerable, they should bare the cost of fraud. In-fact I'd go a step further and say that instead of just refunding your few quid and forgetting about it, they should be fined in the same way they would for credit card information loss or personal data breaches under PCI-DSS/GDPR, to put a bigger cost on improperly designed systems.

There is utterly no need for the systems to leave people as exposed as they do, it's simply a problem of the incentives not being setup correctly to encourage banks to take it seriously. Hopefully PSD2 and future iterations will go some way to improving this.
 
On PSD2, I note that the Central Bank says it has given additional time, until 31 Dec 2020, for compliance with PSD2 for card-based transactions. https://www.centralbank.ie/regulation/psd2-overview. So it would appear a bank is currently not delinquent if it does not authenticate transactions in the way envisaged the directive.
 
I agree with you Ceist Beag. And some people actually clicked on the link to unsubscribe and it still brought up their details. Other people contacted their bank when this happened to them and two days later the money was taken from their accounts. This is surely not the fault of the customer...
 
I was nearly caught by this scam. Was not fully thinking and was preoccupied as I needed access to 365 for some upcoming transactions. As you can see there's a good facsimile of the 365online web page including the secure padlock icon. I copped on while inputting details.
As I thought it quite sophisticated I took screen grabs and sent to BOI 365 Security on 22 Feb last. Got no response. See the attached for a screen grabs (Apple Phone)
 

Attachments

  • BOI Scam.pdf
    366.7 KB · Views: 346
  • BOI Text.pdf
    144.7 KB · Views: 335
I was nearly caught by this scam. Was not fully thinking and was preoccupied as I needed access to 365 for some upcoming transactions. As you can see there's a good facsimile of the 365online web page including the secure padlock icon. I copped on while inputting details.
As I thought it quite sophisticated I took screen grabs and sent to BOI 365 Security on 22 Feb last. Got no response. See the attached for a screen grabs (Apple Phone)

I know for people less used to tech (e.g. older customers and mentioned above), the examples you gave might work. But the examples do highlight basic rules / indicators; poor grammar in the text, dodgy website address which isn't the original and never click a link - always go to the site you want independently (or use the app).

The facsimile of the website is the easiest thing to do - so nobody would be able to tell by looking at the website. And BOI security probably can do little about it other than continue to warn people not to click links or input details when they haven't initiated the website. The can't easily take down the website
 
That text could not look more like a phishing scam if it tried! And surely if you online bank with BOI, you now what the name of the website is?

There has to be an element of personal responsibility. If you don't know how to use phone or online banking, you shouldn't be on it.
 
That text could not look more like a phishing scam if it tried! And surely if you online bank with BOI, you now what the name of the website is?

There has to be an element of personal responsibility. If you don't know how to use phone or online banking, you shouldn't be on it.

Good for you. Must be great for you and others to be intellectually superior. Banks are pusing their customers more and more on to online and digital channels. This includes people like the elderly and other vunerable groups. There are plenty of people who love to take your advice and get off online banking but the banks have made it all but impossible to avoid it.

The scam was extremely sophisticated. These scams are not deisgned to catch out 100 people. They are designed to catch out one person not paying attention or not full au fait with the internet. Do you want to explain to my 75 year old mother why the URL in that screenshot is not a link to BOI? They also managed to get their scam text inserted so that it appeared as if it came from the same place as other genuine texts from BOI. This was actually one of the most sophisticated scams I have seen in a while.

I still see people and I bet there are people here including myself who blindly give out card details over the phone to hotels, shops and other companies....I have seen people leave their cards behind the bar for a tab. People shop online and allow shops to store their card details to 'speed up' their next purchase....We previously heard how chip and pin was completely safe until it wasn't. I know someone who let never changed their address with the bank and allowed correspondance go to a rental house and got scammed. That person worked in IT security. Scams, fraud, theft can affect anyone. Yes, personal responsibility does play a part and no the banks can't be held responsible every time there is a scam but reading the posts above, I have to say that I hope you never get to say 'I told you so' or ask why 'you were so stupid' to an elderly relative.
 
So Sunny

Do you make any distinction between your 75 year old mother and a 40 year old who is IT literate and fell for the scam?

Your mother and others who don't want to use 21st century technology can go to the Credit Union or Post Office.

The banks are right to encourage people to go online. If people don't want to go online, then they should stop using the banks.

We have reached a crazy situation in Ireland where people are no longer responsible for their own actions or errors.

I feel sorry for people who are scammed. I feel sorry for people whose bicycles are stolen. I feel sorry for people whose houses are burgled. But I don't see why the bank should compensate them.

And if you do persuade me that the bank should compensate them, then they absolutely must lose access to online banking.

Brendan
 
  • Like
Reactions: jpd
Was there a 40 year old who was computer literate person taken in by that scam?

Credit Unions and Post Offices use 21st century technology too Brendan and are just as easy to scam or defraud or do you think that people just go around with savings books? That's modern banking

If you are a BOI customer and you feel so strongly about them compensating victims of this scam and the fact that you will somehow have to pay for it (although I don't really understand your argument), then why don't you leave BOI or any other bank with such a business practice since you feel so strongly about it.

I don't actually believe that banks should automatically compensate people for scams. And they don't. I am unaware of any other large scams that banks have compensated customers for apart from this one. And even this, I have no idea how many people were impacted and how exactly the scam worked. Where were mobile numbers got? How did they manage to drop the scam texts into genuine marketing texts from BOI? Despite what the bank says, that is not a common occurrence for these scams. So maybe the bank had a weakness somewhere that they are not willing to publicise. Or there was a weakness in a marketing company or telecommunications company that they use and got exploited.

Maybe banks need to learn a lesson. There is no need to send marketing texts or e-mails. Make it default to no advertising to people unless they actually state they want to want to hear from the bank using text or e-mail method of communication. Every person over the age of 60 should be targeted for a marketing campaign to stress that they should never respond to e-mails or texts or give any information. And I mean a proper marketing campaign. Not online or on social media but through post and in branch. They should be encouraged to contact their local branch if they receive any sort of text or email from the bank looking for information. They should be offered in branch support to learn how to use online banking safely if they want to use it. They should be asked to confirm that they are comfortable with online banking and the risks before being allowed to use it.

We spend an awful of money and time protecting people when it comes to things like investments. Even though a lot of us would never invest in some of the junk that we see offered. Maybe we should spend a fraction of that money making sure that any vulnerable groups are protected using these 21st Century bank channels rather than be told they are shouldn't be allowed to be customers if they are stupid enough to get caught out.
 
I have heard many times about people who were "persuaded" to give their personal details and I always said "how stupid these people were to give their details" but this came from a recognised BOI number. When they clicked on the link all their details were presented before them . Everyone who I heard speak about this last week , even one person who was trained to watch out for this kind of behavior got caught by this scam. It was not stupid people at all.
 
I think you are being very unfair on the people scammed

I would be in general agreement with this sentiment.
I would be of the view that most people are careful with their details, but the very nature of fraud is deception, and good fraudsters are good are deceiving people from time to time. Regardless of how careful people are invariably they drop their guard from time to time. My understanding is that most of these scams are pitched far and wide in the hope that a few people will have dropped their guard or unintentionally provide personal info and thus get scammed.
I'm not sure what the level of this fraud is but I would hazard a guess that banks hold insurance policies to cover it?
 
Your mother and others who don't want to use 21st century technology can go to the Credit Union or Post Office.

The banks are right to encourage people to go online. If people don't want to go online, then they should stop using the banks.

We have reached a crazy situation in Ireland where people are no longer responsible for their own actions or errors.

I feel sorry for people who are scammed. I feel sorry for people whose bicycles are stolen. I feel sorry for people whose houses are burgled. But I don't see why the bank should compensate them.

And if you do persuade me that the bank should compensate them, then they absolutely must lose access to online banking.

Brendan
Brendan I feel you have a blind spot in this one. In this particular BOI scam do you accept that BOI have a responsibility here to their customers? BOI have admitted themselves that they were at fault here but you still seem to think this was a case of customers being stupid.
 
Hi Ceist

My general principle would be that people should be careful and should not be compensated for giving out their details to a website or cold caller.

However, I was not aware that BoI had admitted that they were in the wrong. If they were in the wrong and if the customer was not careless , then the customer should not be paying.

Brendan
 
Hi Ceist

My general principle would be that people should be careful and should not be compensated for giving out their details to a website or cold caller.

However, I was not aware that BoI had admitted that they were in the wrong. If they were in the wrong and if the customer was not careless , then the customer should not be paying.

Brendan

I don't think BOI have admitted they were wrong. Doesn't mean that there wasn't a weakness on their side that was exploited to allow the texts to be sent in the first place.
 
I was also thinking that you were been very harsh but now I understand your comments Brendan.
 
This scam was first reported on AAM on 22 July, more than 3 weeks before the times article.

https://www.askaboutmoney.com/threads/boi-suspicious-activity.218823/

The aspect of this that strikes me as most significant is that the scammers used a genuine BOI text to contact customers.

There is no clear line, only degrees of difference, between stupid careless customers who cannot mind their details and people who fall victim to sophisticated scams believing that they are dealing with the bank.

[ I made a similar point previously about there being no clear line between people who couldn't pay their mortgage and those who could but wouldn't.]
 
This scam was first reported on AAM on 22 July, more than 3 weeks before the times article.

https://www.askaboutmoney.com/threads/boi-suspicious-activity.218823/

The aspect of this that strikes me as most significant is that the scammers used a genuine BOI text to contact customers.

There is no clear line, only degrees of difference, between stupid careless customers who cannot mind their details and people who fall victim to sophisticated scams believing that they are dealing with the bank.

[ I made a similar point previously about there being no clear line between people who couldn't pay their mortgage and those who could but wouldn't.]

And yet you clicked the link because you thought it came from a genuine source so were curious even after checking your account and therefore could have infected your phone with malware or even worse....Even though you know BOI will never send a link

You might not have given your account details but according to Brendan and co, you are now too stupid to own a phone. Please give it back. :)
 
And yet you clicked the link because you thought it came from a genuine source


Yes I clicked the link because I thought it came from a genuine source. It did come from a genuine source, the BOI text number, being used by scammers.


Even though you know BOI will never send a link

That wasnt something I was aware of.

You might not have given your account details but according to Brendan and co, you are now too stupid to own a phone. Please give it back. :)

Where should I send it ?:):)
 
Back
Top