a text from aib

amandstu · 28-04-2022 12:16am #1

It said my card had been put on hold due to suspicious activity and to go to www.aib.auth_user-60 to resett it.

As I was having problems with the process I tweeted aib who told I had been "smished" and freeze the card and lock online banking.

But that dodgy looking link did send me genuine looking authentication emails** from aib(or was that just forgery?)

**noreply.comms@aib.ie

Atlantic Dawn · 28-04-2022 1:22am

You can easily make an email appear from anywhere and anyone. I'd ignore all of it and independtly log in to your account to see if there's any issues with it. You will never receive a text to say your account has been locked and telling you to click on a link to reset it.

amandstu · 28-04-2022 1:59am

https://www.boards.ie/discussion/comment/118986583#Comment_118986583

Well I followed the advice from Aib.

It is very inconvenient as I have a very important parent to make tomorrow or Friday at the latest.

I wonder what information they may have got from me

They obviously have my mobile number and my name should be easy to work out.

My email address as well.

I expect my bank account will have to be set up again with new passwords ,but I wonder might they have enough to set up a false identity?

Atlantic Dawn · 28-04-2022 2:04am

How do you know they have your name?

amandstu · 28-04-2022 2:36am

https://www.boards.ie/discussion/comment/118986608#Comment_118986608

It is on the email that supposedly came from aib when I clicked on the link I showed in the OP. It asked me for an email address and when that email came through (it took an hour or so) it gave me a 6 digit code to update my profile.(which I did)

In the meantime I was contacting aib on twitter telling them that I was having problems and eventually, about 4 hours or so later they informed me that the text was a "smishing" scam and told me to go to the app and freeze my card first and then to disable the online banking facility by deliberately entering the wrong PAC number 5 times in a row.

So ,of course,that is whatI did and will be ringing them first thing tomorrow to reestablish the normal running of the online banking facility and ,I imagine arrange for a new card in the post in the coming days.

I want to learn from this and, in particular what useful information I may have given to th people behind this.

amandstu · 28-04-2022 2:41am

Just out of interest this is the (genuine) text I got from aib

" are sorry to hear this. Unfortunately this is not a genuine message from AIB. Text Message Fraud is a common technique used by fraudsters in an attempt to obtain your personal banking and card information for the purpose of identity theft or financial gain. The fraudsters send text messages that appear to come from your bank or from legitimate businesses in an attempt to trick you into supplying your personal details. These text messages can appear within a genuine thread of messages and will request that you log in to a fake website or call a number. This type of scam can be referred to as ‘Smishing’. As you have clicked on the link, please place a temporary freeze on your Card via the Mobile App under 'Cards' > select the relevant Card > 'Freeze my Card'. Once you have done this, please suspend your Internet Banking access by entering your Personal Access Code incorrectly 5 times. Please call our Customer Service team on 0818 724 724 or 003531 771 2424, if calling from abroad and a member of the team will be happy to assist you in gaining access to your account again. The lines are open 9am to 5pm, seven days a week. You will need to have your Visa Debit Card with you when you call. Please come back to us if you have any further general queries and we will be happy to"

amandstu · 28-04-2022 2:53am

This is the Central Bank of Ireland 's page on "smishing:

(doesn't seem to want me to post it for some reason)

I wonder if I was lucky that the text was sent to a dumb phone and I copied the link.into my smartphone by hand

Might that be why my bank account seems not to have been touched(I no longer have access to the app and so I can't say if they have not nibbled at it ,but they had 4 hours or so and nothing seems to have been taken)

28-04-2022 10:52am

You clicked on the link?

amandstu · 28-04-2022 12:16pm

https://www.boards.ie/discussion/comment/118987458#Comment_118987458

Sort of.It came on a dumb phone and I entered it manually into a smartphone

Have got through to aib this morning and they have given me a new registration number etc.

No logins were attempted according to aib but we are unsure whether or not we gave any card details and so the card remains frozen until we decide whether or not to order a new one

amandstu · 28-04-2022 12:16pm

I am now wondering whether a fake website (eg the www dot aib dot auth-user-60 one) could have directed me to a genuine aib page which sent me a "genuine" email containing the code to enter into the fake website

?

The fake website getting the genuine website to do its dirty work?

Would that explain how the email I got seemed to know the exact name I had furnished to the bank?

spaceHopper · 04-05-2022 10:46am

email messages are often in plain text, not encrypted, the addresses are easy to fake, you only need to change a few fields in the text. the www.abi.a1bbank.com would also be easy to do you only need to register the domain a1bbank.com for a few dollars. The company parts is always the last to parts of the web address a1bbank (domain name ) and com (domain type/registration) it's a very easy scam to set up. They can also easily copy the target website page and modify it.

zg3409 · 05-07-2022 12:02pm

https://www.boards.ie/discussion/comment/118987866#Comment_118987866

Yes. The fake website often link to the genuine website where they can then get you to log in and then they might take over your account in real time or try collect enough pin details so they can get in later. These are very sophisticated businesses and they create specific websites for aib and boi and ptsb and they often work in real time to get enough access to get through.

Sometimes they try install a virus in the phone or laptop, so later on they can intercept anything typed such as credit card numbers, gift card numbers, Amazon accounts, PayPal log in, email account for password reset email or to trawl emails for bank details, credit card numbers, home addresses. In some cases they have targeted high wealth individuals and created custom plans to drain them of money. One relatively common technique is to ring the mobile provider and try take over your mobile phone number. They claim they are a phone shop and that you lost your phone and want to transfer to new number. Once they have your number they can reset things that require a text message sent to prove you have access to the number. They are increasingly sophisticated and often their viruses are not detected by any anti virus software until a few weeks later at which point they update the virus. Similar scams ring people and pretend to be the bank or Microsoft etc. It's big business and I expect banks are losing millions if not billions in fraud.

Btrfs · 09-07-2022 3:00pm

You should never ever open any kind of links. The same goes for the "robotic voice calls" - Do Not.

If you have any doubts about anything related to your bank / post parcels / any kind of information related to YOUR personal information - Contact the bank via THEIR official website / email / phone number.

Example :

"Fake AIB sender"

""Hello, we've noticed some strange activities with your bank account, thus it is strongly recommended to visit our website so we can investigate the problem ( INSERT SCAMMER LINK HERE ! )""

What you MUST do in such a case :

Do NOT open the provided link under ANY circumstances.
Calm down, NOTHING happened to your bank account.
Open up the browser, and type : AIB.IE ( MANUALLY ).
Find the "CONTACT US" form and describe the situation, or even better - CALL THE BANK. We're talking about YOUR personal savings, remember ?
Report. I can't stress enough how important this step is. Optional : -> Report the given number & website to the bank and Gardai.
Use the forums. Report these cases in the forums, because this is how you help someone else not to be scammed, also there are a lot of people who just love to hunt the scammers down.

Again, DO NOT, please, DO NOT open any links. If the bank wanted to inform you about a problem with your card, they will CALL YOU DIRECTLY.

The same situation goes with Revenue / MyWelfare.

09-07-2022 3:24pm

I’m relatively new to coding & more in-depth tech stuff, but it is so easy to set up fake anything, once you know the steps, and it doesn’t take a genius to learn them. Yet we are all prone to be taken in by what looks potentially genuine, even the most savvy have been caught off guard in occasion.

I am learning hacking atm, and to amuse myself I sent myself a fake phone call, text etc, just to see how it is done by scammers. My phone was in the other room charging so I didn’t hear it ring, but later on I had taken my mind totally off computer stuff and was doing something completely different. I looked at my phone and for one minute I thought a friend from USA had tried to phone me, only to recall I had set up the call. I had almost scammed myself!

So, lesson is try never feel pressured into opening a link that purports to be from a bank or financial type institution. Be extremely wary of opening any link in any email unless you absolutely know you can trust it, eg my very familiar travel agent (with verified sender address) will sent me the odd link that’s exactly relevant to my travel plans, so in that selected case and a handful of others I can trust the links.

09-07-2022 4:16pm

OP when you describe..

“But that dodgy looking link did send me genuine looking authentication emails** from aib(or was that just forgery?)”

…this sounds like a so-called man-in-the-middle scenario, which is a part of hacking I am presently learning-out of curiosity and interest, to to perform scams I add hastily! In your case there, hacker directs traffic between yourself and AIB through her/his computer, so you do get to see sone genuine AIB website, but as it’s going via the hacker’s computer they can intervene and take note of sone of your details. It takes a little setting up with some code you either write yourself or using an off-the-shelf completely free-of-charge package which is intended for ethical hackers to test vulnerabilities. Though it takes a little bit of learning it’s within very many people’s capabilities if curious enough and anybody can do an online ethical hacking course.

Btrfs · 09-07-2022 5:08pm

recode, you do realize that the person might not be tech savy, do you ? :)

I'm strongly against any kind of describing MitM / SSL stripping, and... ( will stop here ) in the forum, for obvious reasons.

In the end of the day, we just need to keep in mind, that these things are happening, and they happen to EVERY operating system, no matter what kind of AV or firewall you have. Attacker can easily obtain access even in an intranet network... just because somebody clicked on the wrong link, or answered a "robo-call" and hearing a "tech support" on the other side, explaining ... "Your computer has numerous problems".

We must understand one simple rule in order to protect ourselves : Check, double check, triple check, contact the official institution, explain, ask....

Youtube has some nice guides which can help you out in the journey, and I would recommend ProfessorMesser for that ( covers everything Comptia related ).

Trust me, I would love to describe in details how thsese kind of situation works ( and they really work ), in order to protect ourselves form being scammed / hacked, but we have to take in consideration the fact that we're in the Information Security section, and such kind of information would be in violence with the rules of the forum ( and as a whole ).

Yes, there are solutions, technical ones, but they are not the only ones. One can simply take the logical steps and inform the institution described in the given case :)

spaceHopper · 26-07-2022 10:25am

Mindless question but how to the scampers fake the text sender as AIB. And why can't it be blocked?

I get them fairly often and they mix in with the ones AIB send to tell me my Cred Card bill is due.

L1011 · 26-07-2022 10:31am

https://www.boards.ie/discussion/comment/119388274#Comment_119388274

From IDs on texts are facile to fake. Banks really shouldn't have got people used to seeing texts as coming from a name not a number (not that the number isn't also fakeable, even for calls)

a text from aib

Comments