B of I backs down belatedly on cybercrime-hit clients
Cantillon: Beware of odious online thieves impersonating banks to rob the vulnerable
Bank of Ireland chief executive Francesca McDonagh: Bank was bashed on RTÉ’s Liveline over its refusal to accept responsibility for fraud losses. Photograph: Laura Hutton
Covid-19, as we know only too well at this stage, has brought out the best and the worst in humanity.
But a particularly odious lot have been fraudsters globally preying on vulnerability at a time of fear and anxiety, from purveyors of counterfeit medical supplies to gangs taking advantage of a dramatic shift of everyday activity online in recent months.
Interpol warned last week that cyber-criminals are targeting individuals at an “alarming pace”, with online scams and “smishing” or “phishing” schemes – the practice of luring people to give away financial information that can then be used to defraud – even being adapted to carry a pandemic flavour.
Revenue and the Department of Employment Affairs and Social Protection, for example, have been impersonated in recent months as part of phishing attempts made via text messages telling people they were entitled to Covid-19 benefits if they clicked on certain links and provided financial details.
On Sunday, the Financial Services and Pensions Ombudsman (FSPO) issued a warning for consumers to be vigilant after it learned of phone calls being made in its name, with individuals claiming to be arranging refunds of €3,000 relating to “bank overcharging”.
A particularly rich vein for fraudsters in recent years, however, has been where the perpetrators claim be the banks themselves. Banks often suck up the losses.
But Bank of Ireland endured a bashing in recent weeks on RTÉ’s Liveline radio show, where dozens of victims told of how they lost money after responding to fake text messages from the bank – with the company refusing to compensate victims as they had provided their pin codes.
Bank of Ireland’s group chief executive Francesca McDonagh said it equated to handing over the keys of a car to criminals. In other words, that the customers had been grossly negligent – a get-out-of-jail card for banks and financial firms under EU payments services regulations.
The argument doesn’t hold water. The bank customers clearly thought they were communicating with their bank, providing details in response to official-looking text messages. Bank of Ireland’s belated decision to back down on Monday and offer refunds to victims is to be welcomed and avoids showdowns with the Central Bank and FSPO.
But the lesson for consumers is clear: be vigilant and don’t hand out private financial details to anyone over the phone or online.