Is info@boimail.com fake?

OldMrBrennan83

I'm presuming it is, but just wanted to double check. Thanks.

Bank of Ireland: Tara

Hi Patww79,

Thanks for your post.

We do issue emails from that email address but if you would like to forward the email you received to us at 365security@boi.com we can confirm if the email has come from us.

Thanks
Tara

OldMrBrennan83

This is the mail here. What had me wary is that the url's in the last picture (ie www.bankofireland.com/privacy) actually are all boimedia.customerminds.com redirect url's.

Bank of Ireland: Tara

It does appear to be valid but if you can forward it on to the email address I’ve provided, we can check it can get back to you to confirm.

Thanks
Tara

OldMrBrennan83

Bank of Ireland: Tara wrote: »

It does appear to be valid but if you can forward it on to the email address I’ve provided, we can check it can get back to you to confirm.

Thanks
Tara

Grand I will thanks.

cantalach

I got one of these mails today too. If this really is from BOI it is almost indistinguishable from an identity theft phishing mail.

As a previous poster has pointed out, the links purporting to go to www.bankofireland.com actually go to a completely different domain. Four different domains feature in this mail (boimail.com, bankofireland.com, customerminds.com, which50-email.com). This is precisely the kind of red flag that people are encouraged to watch out for and it would really amaze me if a bank of all things was doing this for real.

Another thing that makes me suspicious is the vague language which suggests that complying with the request is optional ("I’d appreciate it very much if..."). If this is something mandatory it should be clearly stated. The fact that it is in the first person is a bit weird too - almost like he's asking us to help him out.

Bank of Ireland: Jennifer

cantalach wrote: »

I got one of these mails today too. If this really is from BOI it is almost indistinguishable from an identity theft phishing mail.

As a previous poster has pointed out, the links purporting to go to www.bankofireland.com actually go to a completely different domain. Four different domains feature in this mail (boimail.com, bankofireland.com, customerminds.com, which50-email.com). This is precisely the kind of red flag that people are encouraged to watch out for and it would really amaze me if a bank of all things was doing this for real.

Another thing that makes me suspicious is the vague language which suggests that complying with the request is optional ("I’d appreciate it very much if..."). If this is something mandatory it should be clearly stated. The fact that it is in the first person is a bit weird too - almost like he's asking us to help him out.

Hi cantalach,

Thanks for getting in touch with us here.

If you are unsure of any emails you have received claiming to be from Bank of Ireland we would ask that you forward this to our security team at 365security@boi.com and one of our advisors will be more than happy to look into this and confirm it for you.

Thanks again for being so vigilant, Jen.

Kalix

I got an email today about "Advance notice of changes to our banking services" from the same email address (info@boimail.com).

It has all the red flags of a phising/malicious email. You need to talk to your I.T. security team for advice and/or whoever is responsible for writing these messages, because if this is common practice, eventually someone malicious WILL trick thousands of BOI customers into clicking malicious links/attachments.


Never ask users to click things, and they will know not to trust BOI mails that ask them to.


1. Suspicious email address
2. Asking me to open attachments
3. Asking me to click links (which on hover display "customerminds.com" URLs, not BOI ones...)
4. Sometimes BOTH AT ONCE ("Please click below to see how to do this. Alternatively, view the attached new banking app guide")

There could have been a web page on https://www.bankofireland.com/ with the relevant information, which users can safely visit.

This is shockingly bad practice for a bank, one of the single most important online accounts many people own.

Kind Regards,
A Concerned Customer

my3cents

If the bank are sending you an email then they will know who you are I just bin any email that starts "Dear Customer".

Bank of Ireland: Lorna

Good morning guys,

Thanks for raising this with us. I will pass on your feedback.

We are currently sending out emails to our customers regarding updates to our Terms and Conditions to meet psd2 requirements.

If you are unsure of any emails you have received claiming to be from bank of Ireland, you can forward them on to 365security@boi.com and we'll verify this for you.

Thanks,

Lorna

Paranoid Bob

Kalix wrote: »

I got an email today about "Advance notice of changes to our banking services" from the same email address (info@boimail.com).

It has all the red flags of a phising/malicious email. You need to talk to your I.T. security team for advice and/or whoever is responsible for writing these messages, because if this is common practice, eventually someone malicious WILL trick thousands of BOI customers into clicking malicious links/attachments.


Never ask users to click things, and they will know not to trust BOI mails that ask them to.


1. Suspicious email address
2. Asking me to open attachments
3. Asking me to click links (which on hover display "customerminds.com" URLs, not BOI ones...)
4. Sometimes BOTH AT ONCE ("Please click below to see how to do this. Alternatively, view the attached new banking app guide")

There could have been a web page on https://www.bankofireland.com/ with the relevant information, which users can safely visit.

This is shockingly bad practice for a bank, one of the single most important online accounts many people own.

Kind Regards,
A Concerned Customer

Kalix,

This was brought up on this forum before; almost three years ago now. https://www.boards.ie/ttfthread/2057604580
Bank of Ireland are well aware that this is bad practice but continue with it anyway.

I believe the mail today was particularly bad in that it included a link directly to the login page of 365 online, something the bank swears it will never do.

I've forwarded a message to the security email address, but I've sent them so many of these that they don't bother even replying to me any more.
The mail you received is almost certainly from Bank of Ireland despite having, as you said, all the red flags of a phishing / malicious email.

my3cents

So how come this email (see post #3) says Dear Customer when I received a different notification today that said Dear my3cents (well not my3cents but my real name)? If they can use a customers name in one email why not all of them?

QuasiZZ

I, too, received one of these emails. To quote a BoI Rep here...


However the difference between a spam and our genuine emails is that we would never ask you to disclose any account or personal details in a email.


However, the current email asks me to confirm my mobile number and, to do this, provides a link supposedly to "[font=Arial, sans-serif]www.365online.com"[/font]. I say supposedly because the actual link is to "customerminds<dot>com" . I haven't clicked on that link, so I don't know where it ends up, but almost certainly I would end up on a site which looks like a BoI site and includes a login link.

My mobile number is personal data and I am being asked to logon to a site to change/confirm it. This seems to directly contradict BoI's "safety" rules.

Please, please, please use one domain only. Show that you care about your customers' security and privacy.

Thanks,
Q.