AIB fraudulent transactions

redmissb

https://www.boards.ie/discussion/comment/118842659#Comment_118842659

The letter stated he authorised the transactions by clicking on push notifications, he says he didn't click on any push notification. Yes he logged in and entered one verification code.

Look I'm not saying AIB have a responsibility to refund him, it was an AIB staff member who told him he should appeal the decision so that's why I was wondering if anyone got a refund in similar circumstances. I'm not arguing that he's entitled or should expect a refund as you seem to be implying.

Yes I did say I know about these types of scams, not sure what difference that makes.

Ohmeha

How soon after your son entered his details on the fraudulent text were the 14 transactions processed on the account and how soon after all this did AIB contact him? Have AIB provided full information on the transactions, were they all instantly processed, were they sent to crytpo.com as SEPA, SWIFT transactions etc.?

All banks were required recently enough under PSD2 regulations to upgrade their fraud detection systems, obviously something was flagged after the horse had bolted. I would be quizzing AIB on all the above questions because if a fraudulent transaction is identified quickly enough before processing they can internally block transactions to fraudulent accounts held with external banks and with SEPA if its processed and caught on the same day a cancellation will reject the transactions back

redmissb

https://www.boards.ie/discussion/comment/118842816#Comment_118842816

AIB texted him an hour after transactions went out, it happened on Monday and they were pending till Thursday.

I'm not sure if they were SEPA etc,

HalfAndHalf

https://www.boards.ie/discussion/comment/118842762#Comment_118842762

Something doesn’t add up here.

If AIB are saying that your son authorised by approving the MFA push then if he hadn’t, the transaction would fail. That’s how it works. The bank is literally holding the transaction until you approve, if you don’t approve then it fails the transaction.

Without knowing more about what details he provided the scammers then for all we know the scammers were able to redirect the MFA pushes to themselves, if he’s provided the relevant info to sign into the app.

Again that wouldn’t be AIB’s responsibility.

Deub

https://www.boards.ie/discussion/comment/118842685#Comment_118842685

Thanks. I read the article and searched for some more. It says it is a collaboration with several stakeholders. It means that AIB on its own cannot stop these texts appearing as AIB messages. It also says that, in Ireland, 3 mobile operators are part it. There are 9 mobile operators so it will continue to happen to some customers unless all of them decide to take part of this process (to be honest, it should be mandatory).

kaymin

https://www.boards.ie/discussion/comment/118842762#Comment_118842762

The push notification is just to receive the SCA code - he must have sent this different code on to the fraudsters 14 times otherwise the transactions wouldn't have been authorized.

Jim2007

Mod Note: I have removed some posts that were a distraction and pulling the thread off topic.

Jim2007

https://www.boards.ie/discussion/comment/118843672#Comment_118843672

No disrespect to the OP, but I would not assume the original description to be entirely accurate, he is relating what he was told by his son. He did mention that at some point the son logged in and provided a code.

The bottom line is that the money is gone and unless the bank decides to make some kind of compassionate payment to a young customer I doubt it is coming back.

yoyopfk

Hi,

Same happened to myself on 15th of March.

I was on my way back home after the work, tired and got this message about security update. As it was shows up under AIB messages thread I did click on it and I was 100% sure I am in AIB online banking aplikation on my phone. So I've logged in and got confirmation code which I confirmed. it was around 4:30pm.

Then got finnal message says our system is down to updating security and only phisical payments can be done.

At the evening I went to Super Value do quick shopping and once I used my card got message if that was me spent 70 euro in UK. I typed no, and got another message saying somebody from card team will contact you.

As I suspected there is something not right I tried to log into my banking account and I couldn't.

10 min later I got phone call from Card Fraud Department, and after confirm security questions I've been told there is many transaction done under my account in UK for nearly 3500euro, and ask me if that was me using my card in Ireland. I confirmed. Also, find somebody put my account on hold.

I've been told all the transaction has been catch up so don't worry, money will be returned to my account in 48h, new card will be sent next day and I have to ring AIB to unfreeze my account.

As it was St.Patrick weekend I was waiting over the weekend for new card ( as I've been told by phone I can't do anything with account until will get new card ) I got the letter says 3 big transaction for nearly 4000 euro will be not refunded because I did authorised them via push notifications but I didn't.

Only small transaction has been returned so far( under 100 euro ).

Have been told to appeal the decision which I did via letter sent to AIB last Thursday and still didn't received any updates

redmissb

https://www.boards.ie/discussion/comment/118847495#Comment_118847495

I'm so sorry you were caught out too, I hope you get an update soon. My son sent off his letter yesterday so we'll see what they say anyway. Best of luck.

CreadanLady

The reason these scammers exist is because they have people queuing up to hand out their money. Seriously, anything coming in on text or email that gives a link and asks you for information is 99% a scam.

People need to wise the fúck up, it is the only way to stop it.

yoyopfk

https://www.boards.ie/discussion/comment/118850308#Comment_118850308

I hope it will never happen to You. As I was 100% they will never get me that way, until they will get into You in right time when there is too much thing on your head.....

yoyopfk

https://www.boards.ie/discussion/comment/118850239#Comment_118850239

Thank You.

Best of luck to Your son, too. He is not alone in this so i know that feeling well as many other people

CreadanLady

A simple rule to live by is to never engage with cold contact that is asking something.

Even whatsapps purporting to be from a friend or relative that are asking for something out of the ordinary. If there is doubt, ask them to ring you discuss. If it is legit, then there will no problem.

TuamJ

https://www.boards.ie/discussion/comment/118850543#Comment_118850543

I don't agree with the tone of some posts, bit harsh, buts it's clear from this thread and from the few people I know who also got stung that there needs to be an ad on telly/streaming platforms/online explaining to people how these scams work, how urls work etc... I get why you thought you were on their app but if you knew what a fake url looks like you never would have clicked. To some of us, a fake url is like a fire alarm. The AIB scam texts use urls like aib.auth-20 or aib543-online or online-aib-login etc... My mate did not know that AIB would never have a url like that, he didn't even cop it after he got hit and only understood why that was a huge red flag until i explained it to him.

So, it's not so much that idiots are ready to part with their money. it's that lots of people (inc young people) are using the internet every day but they do not know some of the basics of online security. They don't know that Amazon will never send you a link to amazon123.com, that an email coming from help@amazonsonline.com is not Amazon, that yourestaonline.ie is not the official US government website to get your esta. Even when they get hit they think it was an elaborate sophisticated scam and never learn that it's a blatant fraud trap easily identified by looking at urls and email addresses.

Seth Brundle

I would dispute that @TuamJ. People have been told not to click on links in texts and emails. People have been told by their banks not to assume that emails and texts are genuine. Most people would have received some form of written notification tucked in with their bank statement e.g. a flyer about not clicking on links. People have been told from various other sources about scammers.

And yet they still click the links, still enter their online login details and still have their money stolen!

In my own organisation, we've had various campaigns by IT about being vigilant and not clicking links in any mail that may be suspicious. We're warned about phishing scams, etc. but despite this, in internal phishing exercises where we make it somewhat obvious that its a dodgy mail, we still see educated people open the mails and follow links.

People are the problem and no matter how many times you tell them, there will always be some who put their finger on wet paint!

steve-o

https://www.boards.ie/discussion/comment/118843460#Comment_118843460

There are many mobile brands and virtual operators in Ireland, but there are only 3 network operators and all 3 are participating. AIB (and BOI) have no excuse if they don't register and protect their sender ids.

Deub

https://www.boards.ie/discussion/comment/118852676#Comment_118852676

Do you have a source to confirm all 3 main network operators are participating?

i see they mention high street banks without mentioning names.

steve-o

https://www.boards.ie/discussion/comment/118852766#Comment_118852766

It's on the announcement linked in the previous thread: "Supported by all 3 MNO’s"

https://www.boards.ie/discussion/comment/118852793#Comment_118852793

I doubt they'd make the details public, but I'd presume that messages using a registered sender id will be blocked unless they originate from the registered source

LordBasil

This happened to me.

Around 3 weeks ago, I got a message via my phone from 'AIB' advising me of suspicious activity. As it came from AIB or so I thought, I entered my details. The next night, around 1am, got a message via my app requesting authorisation for Just Eat purchases in GB Pounds which I refused. No money was taken out. The same thing happened the next night. I cancelled my card and ordered another. I got my new card last week.Then I got phone call from 'Derek' from AIB who wanted to check on suspicious transactions and make my online banking more secure. He was able to tell me my personal details and also the most recent transactions on my account so took it that he was genuine. I gave him my card details. He said he was gonna send me a codes via the app to verify/strengthen my online banking. He asked me to quote codes back to him and then told me to not check my online banking app for 30 minutes. He said he'd call me back in 30 minutes. I then received a text from AIB asking me to verify/approval for a revolut transaction for a small amount. I said no. I then checked my app and saw my account was cleared out with a high value purchase pending. I was left with a few euro. I started to panic and realised I'd been defrauded.

Luckily the AIB Customer Service Helpline was still open. I got through to the online banking section. The lady advised me that criminals can clone both AIB text number and the APP and that there was attempts to sign my account up to Apple Pay and Google Pay. She cancelled my new card and got me to change my banking login/ID numbers. I was then put through to the card payment section and explained what happened. The officer was able to cancel the purchases and advised me that money would be refunded, which it was the next day.

I was very lucky not to lose my money. Looking back there were some red flags that I didn't notice. I felt like such a gobshite. I'd advise anyone not to enter any details to any links sent from your 'bank'. Freeze your card on the app and call the bank directly as soon as you can if you receive suspicious messages. Do not engage any calls you receive from your 'bank'. It was a horrible experience, I wouldn't wish on anyone. I learned a valuable lesson. I won't make the same mistake again. I hope anyone who was robbed can get their money back.

XVII

Yes, the same thread is what confused me too some time ago.

A year ago I got a suspicious message which I thought back then was a spam, so I blocked the number. Then few months later I was trying to make a transaction of around 1k but was never receiving a temporary 6 digit code via text. Contacted bank support a few times, tried to contact shop few times, there was still nothing after a week. Only then I realized that it was probably coming from a number which I blocked previously. And yes, there were 20 missed texts from that number.

But that's not the end. After I unblocked the number, I got another text with some weird link some time after, which was obviously a scam. All in the same thread. It's very ridiculous if you ask me, they need to improve their security policies first.

yoyopfk

https://www.boards.ie/discussion/2058238851/aib-fraudulent-transactions

I have an update in my case. All money back to account.

So, first of all tell Your son to take this letter claiming to come from AIB, print any messages screenshots ( any evidence he has ) and go to the nearest Garda station report the fraud.

Then at the morning time tell him do no ring anyone but take everything again and tell him to go to his AIB branch , show them the letter and tell what happened from very beginning. And he will hear the truth.....

Edit Removed personal attack

Jim2007

https://www.boards.ie/discussion/comment/118857454#Comment_118857454

First of all don't confuse AIB's position on the matter and you're actual legal rights. And second it was your son's fault and unless he learns this he may find himself in a situation where the bank may not be as accommodating in the future.

Do you and he understand why he was asked to main a complaint to the Garda.

L1011

https://www.boards.ie/discussion/comment/118857454#Comment_118857454

In your situation, the bank stopped the transactions and hence the money was never actually gone.

Not, in any way, comparable to the OPs situation.

Pentecost

Yes if the money hasn't left the account yet and it's on hold it won't cost AIB anything to return the money. If it's gone they won't be in a hurry to pay it back out of their own funds.

yoyopfk

https://www.boards.ie/discussion/comment/118860784#Comment_118860784

No, actually payments went through. Big "digging" to find whats happened but got this at the end thanks to one of the AIB branch manager.

ARX

https://www.boards.ie/discussion/comment/118852592#Comment_118852592

"To some of us, a fake URL id like a fire alarm".

This is exactly it. I've worked in IT security, so to me a dodgy URL is like a guy with a stripy jumper and a sack marked 'SWAG'. And I think "how could anyone not realise that this is dodgy?" And then I read posts on - say - the DIY Car Maintenance & Repair forum and I realise that I know virtually nothing about almost everything, so it's unreasonable to expect everybody to be able to spot dodgy URLs.

Matters aren't helped by banks using URLS that aren't even subdomains of their own domains - like BoI using 365online.com instead of, say, 365online.boi.com. So it's not unreasonable that someone should think that, say, 365-online.com is a legitimate BoI URL.

Telling people to just wise up shows a lack of understanding for the financial situations many people find themselves in. As an example from above, you're on your way home from work, it's a long weekend coming up, you get a message on the genuine AIB text thread saying you need to take action to stop your account being frozen.

So bear in mind, for many people that little piece of plastic is how they are going to get dinner that night, maybe heat their homes, access public transport.

Also bear in mind that actually contacting the bank is almost **** impossible, especially at the weekend, and I think this is where the banks are really failing their customers.

So there is a lot of fear involved. And I think it is reaching a critical point at the moment. Accounts are getting frozen more and more and there are queues at banks who have insufficient staff to deal with the problem. And I don't think they are capable of it. I think they are losing the battle.

I would always advise anyone, where possible, to hold a back up of cash to get them over a few days.

Pentecost

I don't disagree with most of that. The scams are prolific. Now she's not exactly tech savvy and god knows what information she has given out to various websites but it seems like every day my 70+ year old mother is asking me if a text or a call she got is a scam and most of the time it is.

She's afraid to answer the phone to any number she doesn't know. I tell her that if she doesn't give them any information they can't do anything but she's afraid of her life someone could take the little money she has. Payments to companies abroad that you haven't paid before would be where I would say the banks could be more alert but at the same time they'll have people going nuts at them for declining genuine transactions.

yoyopfk

https://www.boards.ie/discussion/comment/118861548#Comment_118861548

I don't know if you are aware but there was big personal information leakage to the black internet few times in the past, even from HSE and not only in Ireland, so frauds can have access to any information regarding your or anyone personal life.....

My advise is if anything happened to you , don't try to sort it out via phone or AnPost , take your ID and go report it to nearest Garda Station then go to your bank branch and talk to somebody there... You can't even know what is happening at the "backstage"....