Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Permanent TSB Phishing

  • 11-01-2021 4:52pm
    #1
    Registered Users, Registered Users 2 Posts: 605 ✭✭✭


    Hi, a family member fell victim to a phishing attempt with their bank.
    They received a text message appearing to be from the bank regarding a transaction. Without realising what they had done, they clicked the link in the message and sent the requested authorisation code.
    Once done they immediately called the bank and had all access codes etc reset. Report to be given to the guards next week.
    I was just wondering what the chances of a refund are in this case? It was not an insignificant amount.


Comments

  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,540 Mod ✭✭✭✭Cabaal


    I would say extremely low, TSB's website has a tonne of warnings about phishing and what info they will or more importantly will not ask for.
    You see all this stuff before you log in everytime, see their login page which has been like this for months

    539210.png


  • Registered Users, Registered Users 2 Posts: 2,045 ✭✭✭silver2020


    Everyone needs to tell as many people as possible esp those who may be a little too trusting, that no bank, no delivery service (incl an post), no utility service and certainly not revenue will ask for any payment details to be entered on a mobile phone link.

    And no valid site of any kind will request an authoristion code via a text message or email link.


  • Registered Users, Registered Users 2 Posts: 5,667 ✭✭✭greasepalm


    Hence why i dont use phone for anything like that and only home pc.


  • Registered Users, Registered Users 2 Posts: 3,315 ✭✭✭Pauliedragon


    Hi, a family member fell victim to a phishing attempt with their bank.
    They received a text message appearing to be from the bank regarding a transaction. Without realising what they had done, they clicked the link in the message and sent the requested authorisation code.
    Once done they immediately called the bank and had all access codes etc reset. Report to be given to the guards next week.
    I was just wondering what the chances of a refund are in this case? It was not an insignificant amount.
    I got a similar text from "AIB" a few days ago. Weird thing is it came from the same account that legitimate AIB texts came from before. How does that happen?


  • Registered Users, Registered Users 2 Posts: 5,667 ✭✭✭greasepalm


    I get stuff from bank on phone notification but only use pc as safer like statement or bank had an issue with something.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,045 ✭✭✭silver2020


    I got a similar text from "AIB" a few days ago. Weird thing is it came from the same account that legitimate AIB texts came from before. How does that happen?

    extremely easy with the right software.

    Likewise with emails.


  • Registered Users, Registered Users 2 Posts: 71,581 ✭✭✭✭L1011


    I got a similar text from "AIB" a few days ago. Weird thing is it came from the same account that legitimate AIB texts came from before. How does that happen?

    That's your phone merging every message with AIB set as the sender. All spoofable.


  • Registered Users, Registered Users 2 Posts: 98 ✭✭dermo2014


    Same thing happened to me with BOI over a year ago, received a text and clicked on the link, money was taken from my account but got it back in full.
    The banks are insured for this kind of stuff so your family member should get their money back.


  • Registered Users, Registered Users 2 Posts: 8,695 ✭✭✭cml387


    dermo2014 wrote: »
    Same thing happened to me with BOI over a year ago, received a text and clicked on the link, money was taken from my account but got it back in full.
    The banks are insured for this kind of stuff so your family member should get their money back.

    It would be unwise to assume that because the banks are insured (allegedly.. have you proof of this) then they will pay out. If you are careless with your pin, for example, they won't, and some may maintain that falling for a phishing scam after being repatedly warned is also careless.


  • Registered Users, Registered Users 2 Posts: 2,505 ✭✭✭skinny90


    cml387 wrote: »
    It would be unwise to assume that because the banks are insured (allegedly.. have you proof of this) then they will pay out. If you are careless with your pin, for example, they won't, and some may maintain that falling for a phishing scam after being repatedly warned is also careless.

    Joe Duffy had a week or 2 long string of complaints during the summer from people who got burnt with the BOI scam. People loosing 10's of thousands with the bank giving them the run around saying theres nothing they can do. I heard multiple people saying they said things like "... you wouldnt give the keys of your house or a car to a stranger, why would you do that with your bank pac and password."

    Id imagine its quite distressing and frustrating to hear your bank deflect any responsibility here.

    In my own opinion banks needs to do better to protect venerable victims. If security standards cannot be implemented for emails and SMS protocols then banks need to do away with them all together.

    I see bank of Ireland have done an advert on this with Baz, perhaps their was a case where the boi failed to inform there customers

    If I knew someone who fell victim to this I would have them engage with a solicitor


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,927 ✭✭✭Grab All Association


    This is what I use for banking purposes verification etc


  • Registered Users, Registered Users 2 Posts: 3,817 ✭✭✭Darc19


    dermo2014 wrote: »
    Same thing happened to me with BOI over a year ago, received a text and clicked on the link, money was taken from my account but got it back in full.
    The banks are insured for this kind of stuff so your family member should get their money back.
    The banks are certainly not insured for this.

    No insurers in the world would underwrite such actions by customers.

    Banks in many cases will refund once, but if you are caught out again, you will find that you will not be refunded

    And who pays for the refund? - you and other customers via charges and higher interest rates.


  • Registered Users, Registered Users 2 Posts: 2,505 ✭✭✭skinny90


    Darc19 wrote: »
    The banks are certainly not insured for this.

    No insurers in the world would underwrite such actions by customers.

    Banks in many cases will refund once, but if you are caught out again, you will find that you will not be refunded

    And who pays for the refund? - you and other customers via charges and higher interest rates.

    but if numbers and protocols used are proxied by scammers. how is it the customers fault for clicking on a link that looks like its from the bank. It will show up as the bank, use the same number as the bank so in the case of SMS all the recent messages sent from the bank.
    Granted banks will never ask for this info, you cant assume responsibility lies only on the customer.
    If banks are facilitating services to communicate to customers which can be easily compromised then the bank have a responsibility to do something preventive about it.


  • Registered Users, Registered Users 2 Posts: 30,674 ✭✭✭✭AndrewJRenko


    skinny90 wrote: »
    Joe Duffy had a week or 2 long string of complaints during the summer from people who got burnt with the BOI scam. People loosing 10's of thousands with the bank giving them the run around saying theres nothing they can do. I heard multiple people saying they said things like "... you wouldnt give the keys of your house or a car to a stranger, why would you do that with your bank pac and password."

    Id imagine its quite distressing and frustrating to hear your bank deflect any responsibility here.

    In my own opinion banks needs to do better to protect venerable victims. If security standards cannot be implemented for emails and SMS protocols then banks need to do away with them all together.

    I see bank of Ireland have done an advert on this with Baz, perhaps their was a case where the boi failed to inform there customers

    If I knew someone who fell victim to this I would have them engage with a solicitor

    The purpose of the SMS messages is to provide additional security, and for 99% of users 99% of the time, they do just that. Doing away with them altogether will not make things better for customers.


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭murphthesmurf


    We've just had the same problem. I'm very good technical wise, am always really cautious with everything to do with the bank. My partner received a text message tonight from what we thought was PTSB, she rarely deletes messages and the message came through in the same thread as all her previous PTSB messages. The message looked legitimate, claiming someone was attempting to set up a payment, was this you etc. I've had similar messages before from my bank, so we clicked on the link to cancel it as it wasn't us. She immediately received a call from a Dublin number which she answered while I Googled the number. The number showed up in a search as a financial services number so seemed legit, 012124101 was the number. On shouldianswer.net it shows up as Positive Financial Services, which with the benefit of hindsight does not sound like it is part of PTSB, but I assumed it was an anti fraud unit of some sort. He was well spoken, did not ask for any numbers etc. Kept us on the phone for 20+ minutes while he "investigated" what had happened, to verify our identity he sent another text to my partners phone, which came through on the same thread as all previous messages. He said he was going to temporarily block activity on the account, online banking and did we want to also block her bank card as a precaution, which we said yes.
    After coming off the phone my partner clicked onto her online banking app to check it was blocked, it wasn't, it went straight in. Her account was empty beforehand, however my teenage sons savings account is linked to her online banking so she can pay into it. They have taken 3000 Euro from it. We rang the bank fraud line immediately and gave them all the details of what had happened, she said we are not the first and that there has been a lot of these messages go out recently. They are going to contact us tomorrow morning as to what can be done.
    I am always super careful, always drilling it into my partner and family what to do and not to do. With the text in the same thread as all previous, a call from a what appeared to be a financial services number, and the combination of text and phone call at the same time as we were acting on it I was fooled.
    With hindsight there were things I should have done and not done, but it was so well executed. They were super efficient, from the text, the website and the phone call these guys were pros. If I can fall for this with my above average tech knowledge and caution, then many more will too.
    Now my teenage son has lost 3 grand from my stupidity. Money he was going to use to buy a car when he's older.


  • Registered Users, Registered Users 2 Posts: 4 Ms gratitude


    Hi there, exact same thing has happened to me. As well, could not believe I fell for it. Can I ask, Did your case get resolved? Did you get refunded by ptsb?



  • Registered Users, Registered Users 2 Posts: 716 ✭✭✭macvin


    Banks will do their best to get the money back, but they will not give a refund.

    They have spent a small fortune advertising warnings on this repeating time an time again to NEVER give and pin number codes are other access information on the phone or email to anyone as no bank will ever ask for it.


    Yes, sometimes we are too busy and head is in a different place and we enter the information, but unfortunately that's our responsibility and not the fault of the bank.



Advertisement