BOI suspicious activity

cremeegg

Registered User
Messages
3,838
I have received a text message from BOI saying "your BOI Card has been used for a suspicious transaction recently. Please go to 'link' as soon as possible to review the transaction. "

Ignoring the link I logged on to my BOI account through the normal website, there is no mention of a suspicious activity and looking at recent transactions nothing I do not recognise.

I then clicked the link and a screen appeared that looks like the real thing looking for User ID and DOB. I stopped there.

Does anyone know if this is likely to be a scam.
 

Jazz01

Registered User
Messages
940
BOI will not send you a text with a link to a login screen.

Ideally, you shouldn't have clicked the link itself in the text message, best to just delete the text message...
 

cremeegg

Registered User
Messages
3,838
I think it probably is a scam. However looking at the text message, I see that it appears to come from the same account I have received genuine BOI communications in the past.
 

SparkRite

Registered User
Messages
1,727
I think it probably is a scam. However looking at the text message, I see that it appears to come from the same account I have received genuine BOI communications in the past.
Indeed, you may well have, but I'll bet, never with links looking for information.
 

Leo

Moderator
Messages
14,010
I think it probably is a scam. However looking at the text message, I see that it appears to come from the same account I have received genuine BOI communications in the past.

It's easy spoof the sender. If it's a credit card transaction, they will detail the amount and company name and ask you to reply with a Yes or No.

BOI repeatedly confirm that they will never send you a text containing a link.
 

Pmc365

Registered User
Messages
72
If you click on a fraudlent link can this is itself release malware which can intercept transactions on your PC or phone?
 

blanketyblank

Registered User
Messages
67
I recently got one saying to click a link re my Netflix account it said it wasnt working I didnt needless to say and my Netflix worked just fine.
I also got one re PayPal also a scam one I ignore them all now but its annoying
 

RetirementPlan

Registered User
Messages
429
If you click on a fraudlent link can this is itself release malware which can intercept transactions on your PC or phone?


My understanding is that it is very rare that just clicking the link and opening a website in a browser can cause harm.

Most browsers are fairly locked down, and won't allow the browser to run executable code or extensions without further approvals. The cases where clicking causes problems are often down to previously reported faults in browsers, where the user (or the organisation) has not updated to a current version of the browser.

In most cases, there is no particular risk involved in clicking the link. The risk arises when you enter information on the system at that link, which is often make to look like your online banking or other trusted system.

Having said that, not clicking the link is good advice in itself.
 

Leo

Moderator
Messages
14,010
In most cases, there is no particular risk involved in clicking the link. The risk arises when you enter information on the system at that link, which is often make to look like your online banking or other trusted system.
I'm afraid not, clicking the link can be enough to trigger a malware/ virus download. Even clicking on such a link, you will be confirming to a scammer that they have a valid phone number/ email address that will see you get targeted more.

If in any doubt whatsoever, do not click the link.
 

RetirementPlan

Registered User
Messages
429
I'm afraid not, clicking the link can be enough to trigger a malware/ virus download. Even clicking on such a link, you will be confirming to a scammer that they have a valid phone number/ email address that will see you get targeted more.

If in any doubt whatsoever, do not click the link.
I agree on the 'do not click' conclusion, but aren't most browsers and indeed devices configured to block any download of executable code?
 

Leo

Moderator
Messages
14,010
I agree on the 'do not click' conclusion, but aren't most browsers and indeed devices configured to block any download of executable code?
Some will prompt you but the better coded exploits will work around those controls.
 

Leo

Moderator
Messages
14,010
Some useful details here; https://security.stackexchange.com/questions/172582/do-drive-by-attacks-exist-in-modern-browsers

Would seem to suggest that it would require either outdated browser or other software on the device to be exploited, or a zero day exploit - unlikely but not impossible.
Well, it's the thoughts of another anonymous person on an internet forum :D, but focused on drive-by exploits on computers, and not clicking on a malicious SMS link as per this thread. Drive-bys involve the triggering of a download without having to click on a link, download button, etc.. As you say, most browsers have stepped in to address that, so the criminals have moved on, no point spending time trying something that might never work.

Some of the links you will find circulating via SMS are direct download links, and not just a link to a website that hosts a drive-by or an attempt to fool you into providing personal information.
 

Seagull

Registered User
Messages
1,314
Some of these will take you to what appears a genuine bank page, and ask you to log in.
 

RetirementPlan

Registered User
Messages
429
Well, it's the thoughts of another anonymous person on an internet forum :D, but focused on drive-by exploits on computers, and not clicking on a malicious SMS link as per this thread. Drive-bys involve the triggering of a download without having to click on a link, download button, etc.. As you say, most browsers have stepped in to address that, so the criminals have moved on, no point spending time trying something that might never work.

Some of the links you will find circulating via SMS are direct download links, and not just a link to a website that hosts a drive-by or an attempt to fool you into providing personal information.
Thanks, do you know how a direct download link works on a mobile phone? It's not going to install an app, presumably? So at worst, it might be trying to install a browser extension, which presumably most browsers would block?
 

Leo

Moderator
Messages
14,010
Rather than a html page, the link would point to a compromised document or media file that would then depend on exploiting a vulnerability in the app used to open it. FluBot was an apk that most phones will block by default, but it's capable of presenting instructions to the user fooling them into disabling security measures, so clicks involved but lots of people were fooled.
 

RetirementPlan

Registered User
Messages
429
Rather than a html page, the link would point to a compromised document or media file that would then depend on exploiting a vulnerability in the app used to open it. FluBot was an apk that most phones will block by default, but it's capable of presenting instructions to the user fooling them into disabling security measures, so clicks involved but lots of people were fooled.
Thanks, I had heard of that one, but had forgotten the detail.

It's definitely not a scenario where the damage is done just by clicking the initial link though. You'd need to go a fair bit past clicking the link, with other clicks, to do the damage.
 

Leo

Moderator
Messages
14,010
You'd need to go a fair bit past clicking the link, with other clicks, to do the damage.
That all depends on whether they're trying to fool the user into disabling controls or they're going after a vulnerability that can bypass without user intervention. That's getting harder all the time, but I don't foresee a day when all OSs and browsers will be vulnerability free.
 
Top