Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

BOI refund customers - SANS email

  • 09-09-2006 1:41am
    #1
    Registered Users, Registered Users 2 Posts: 1,215 ✭✭✭


    I just received this from a SANS email - missed the register article when it came out
    TOP OF THE NEWS
    --Bank of Ireland Will Refund Phishing Victims' Losses
    (6 September 2006)
    Bank of Ireland (BOI) has apparently had a change of heart, agreeing to
    restore funds of nine customers bilked out of a total of 160,000 Euros
    with phishing emails. The nine customers had threatened to sue the
    bank after it initially said it would not refund the money that they
    had lost. Some people have expressed concern that BOI's willingness
    to refund the money will encourage other phishers to launch attacks
    and cause other customers to expect the same compensation should
    they fall victim to phishing attacks. Banks are likely to begin
    implementing more stringent security measures for online banking,
    including placing some of the onus of protecting account details on
    the customers' shoulders.
    http://www.theregister.co.uk/2006/09/06/boi_refunds_phishing_victims/print.html
    [Editor' Note (Pescatore): Many banks have been refunding customer
    losses from these type of attacks. The banking industry has definitely
    seen that customers will take their money elsewhere (what's left of
    it, anyway) after identity theft attacks.
    (Ullrich): The reason we put our money into bank accounts, instead
    of keeping it underneath our mattresses is not our urge to pay high
    banking fees. Instead, we hope banks will be better able to safeguard
    all that money. Assuming financial responsibility for fraud is the
    least one should expect in support of this promise.
    (Grefer): This case sets a bad precedent. It sets ground rules for
    how to put your competitor out of business by instigating phishing
    attacks.]


    Has anyone seen the email? Was it at least somewhat convincing? Do you think it has really set a precedent?


Comments

  • Registered Users, Registered Users 2 Posts: 4,780 ✭✭✭JohnK


    I think it will set a precedent of muppets thinking that they have nothing to lose the next time the son of the former King of Nigeria wants to give them a $100,000,000 because they are such a nice person. Personally speaking, if someone falls for that crap they don't deserve to have the money in the first place :mad:. BOI should have held firm.


  • Closed Accounts Posts: 583 ✭✭✭monkey tennis


    JohnK wrote:
    Personally speaking, if someone falls for that crap they don't deserve to have the money in the first place :mad:. BOI should have held firm.

    I agree. This is Darwinism in action, folks, it shouldn't be interfered with.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    I think it will set a precedent of muppets thinking that they have nothing to lose the next time the son of the former King of Nigeria wants to give them a $100,000,000 because they are such a nice person. Personally speaking, if someone falls for that crap they don't deserve to have the money in the first place . BOI should have held firm.

    i would have agreed with this way of thinking, until i had an accidental encounter with a 419 benefactor.

    he lives & operates small businesses here in ireland & abroad(god knows what) almost on nothng..he's the kind of man who wants everything for nothing, literally.
    lies so much, you end up laughing at him eventually, because he is so stupid, yet thinks he is so intelligent.

    i don't like him at all, not because he's nigerian, but because he is a compulsive liar & nasty piece of work.
    he uses about 6 different mobile phones, has a range of email addresses used to correspond with potentially duped victims.

    i have seen documents with bank account numbers based in nigeria with & names/addresses from foreign countries..you will say "could be anything..you're paranoid" but believe me, you can bet it is something illegal, because everything else he does IS.

    he arranges marriages between east european women & other men looking for EU citizenship (for a fee..of around 2500-3000 euro), drives around with no tax or insurance (gardai are aware) sells stolen property, passports, (cars+computers..somehow legally here in ireland)

    it may appear that i'm being racist, but this is just the way things are..i'm not making any of this up either..evidence? i have some, but i see no point in forwarding it to say..fraud squad because they probably wouldn't follow it up for 7 or 8 months anyway, by that time he'll probably have moved on.

    he has several different companies registered here in ireland & his friend was responsible for many other illegal activities in the waste industry, here & across the border in northern ireland.

    what amazes me, is how they get away with it all..
    so, i don't think anyone should be victim to these guys, somebody should stop them, or at best educate people more about whats going on around them.

    according to statistics, 419 advance fee fraud is the 5th largest industry in nigeria..so, i guess if you get an email from some guy masquerading as a king or son of rich oil business man offering you $50,000,000 & you fall for it, you're to be pitied for being naive more than anything else.

    i mean, you wouldn't give a stranger on the street your personal details, why should it be any different on the internet?


  • Closed Accounts Posts: 583 ✭✭✭monkey tennis


    if you get an email from some guy masquerading as a king or son of rich oil business man offering you $50,000,000 & you fall for it, you're to be pitied for being naive more than anything else.

    You're very kind calling it naivete - I'd call it pig ignorance. You'd have to be living in a box for the past several years not to be very wary of anyone looking for bank details off you over the internet.

    Next thing we'll have to do is stamp warnings on kitchen knives: "Warning! May be sharp".


  • Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    JohnK wrote:
    I think it will set a precedent of muppets thinking that they have nothing to lose the next time the son of the former King of Nigeria wants to give them a $100,000,000 because they are such a nice person. Personally speaking, if someone falls for that crap they don't deserve to have the money in the first place :mad:. BOI should have held firm.

    Agreed, people must get clued in. Maybe banks need to do a little more but people need to listen and watch out for this stuff. It works both ways.


  • Advertisement
  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    Agreed, people must get clued in. Maybe banks need to do a little more but people need to listen and watch out for this stuff. It works both ways.

    XXX could do something, like run a series of programmes on fraudulent crime happening here in ireland, (with Eddie Hobbs presenting, of course) identity theft, forging passports & utility bills to open bank accounts,ATM fraud, 419..etc
    so as people are aware of what is actually possible, & what they can do to protect themselves.

    OK OK, it may inspire the odd wide boy to go & have a go himself at the world of fraud.
    But i'd say its better to educate people on the subject rather than pretend it doesn't go on at all.

    sure..why not? it would make more interesting viewing than some of the rubbish on XXX at the moment ;-) (not that i own a t.v or anything)

    As long as they don't sensationalise it too much & drag the word "hackers" into it, provide plenty of hard facts & evidence..i'd love to watch it.

    then i'd pay my license :p

    imagine the amount of crime that could go down once people get their SSIA?????


  • Registered Users, Registered Users 2 Posts: 363 ✭✭The Swordsman


    I seem to have got a fair amount of these 'phishing' emails recently and it really pisses me off.:mad:

    I wonder what would happen if you responded and gave out incorrect info e.g a made-up account number, pin number etc. Surely whoever is doing the phiishing would have to take the time to check out your (false) info. :D

    If my theory is true, then if you could get thousands people to do the same (say an anti phishing campaign), you could really piss off the phishers. :D

    What do you think? Would it work?


  • Registered Users, Registered Users 2 Posts: 4,780 ✭✭✭JohnK


    Interesting idea... It could work but you're verifying to the spammers that your email address is active and that you're reading the emails. Thats half the battle won as far as they're concerned so they'd probably use it as a selling point to their clients.


  • Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    I get 2 a day either from Barclays or Bank of Scotland in my main email address.


  • Registered Users, Registered Users 2 Posts: 363 ✭✭The Swordsman


    JohnK wrote:
    Interesting idea... It could work but you're verifying to the spammers that your email address is active and that you're reading the emails. Thats half the battle won as far as they're concerned so they'd probably use it as a selling point to their clients.
    I may be wrong here, but the phishing email usually has a link to a website where you fill out all your details. You don't actually reply to the email. If an email address is required, you could give a false one.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,780 ✭✭✭JohnK


    I thought they usually put unique IDs on those links like most marketing companies didn't they? Maybe I'm mistaken but if its just a normal link then it probably could work alright.


  • Registered Users, Registered Users 2 Posts: 363 ✭✭The Swordsman


    JohnK wrote:
    I thought they usually put unique IDs on those links like most marketing companies didn't they? Maybe I'm mistaken but if its just a normal link then it probably could work alright.
    Right, when do we start? ;)


Advertisement