STATEMENT
The banking industry has been the subject of a spate of "phishing" attacks recently that have been the subject of widespread media publicity. "Phishing" is the use of fraudulent
emails to attempt to extract confidential and personal information from a customer. Since
Bank of Ireland first received notification by customers of 'phishing' attacks on their
accounts, the Bank has undertaken an extensive communications programme with customers to
ensure that they understand fully what 'phishing' is, what to do if they receive an email
and also re-iterating that customers personal log on information is their responsibility and
customers should never disclose this information to anyone. This campaign includes a
detailed statement and warning on www.365online.com and a detailed fraud brochure issuing to
all customers with bank statements and available in branches.
Because the security of the personal log on information being sought is the
responsibility of the individual customer, Bank of Ireland has always taken the view that it
would not refund customers where their disclosure of such information leads to their
accounts being defrauded.
As a business committed to the highest quality of customer service, Bank of Ireland
always reviews situations on a case-by-case basis regardless of the issue involved.
Customers that have been refunded by the Bank recently were done so, having reviewed their
cases and on the exceptional basis that "Phishing" was not widely known or understood by
customers and was a relatively new phenomenon in internet banking in Ireland.
However, the Bank wishes to reiterate its policy that it does not refund customers that
are the victims of 'phishing' attacks. Personal log on information is the responsibility of
the customer, to whom the personal log on information was issued and it is vital to the
integrity of the system and the security of the individual's account that this remains so at
all times.
Phishing is a type of online fraud, whereby you receive an email that claims to be from Bank
of Ireland or another financial institution asking you to verify or re submit confidential
personal banking information. You are re-directed to a hoax website that looks similar to a
legitimate website such as Bank of Ireland's online banking site, www.365online.com. There, you are asked to input your personal
log on information such as online User ID, full 6 digit PIN and password information (i.e.
date of birth and last 4 digits of your telephone number).
We have a golden rule in Bank of Ireland that we tell our customers ? DON'T
DISCLOSE:
Bank of Ireland never requests that customers give full personal log on information such as
online User ID, full 6 digit PIN and password information (i.e. date of birth and last 4
digits of your telephone number), either over the phone or online, in an unsolicited
manner.
If you receive one of these emails:
- Do not click any links or open any attachments
- Do not input any personal / account information even if it appears to be from Bank
of Ireland
- Forward the email to 365security@boimail.com immediately
- Then delete it without clicking on any links or attachments
- If customers have any concerns or any questions they should contact us immediately
(1890 365 365)
