Once cybercriminals start to drip-feed stolen HSE data online, fraud attempts will follow

An avalanche of cyber fraud is coming our way – here’s how to keep safe

Ireland has been on a heightened state of alert ever since shadowy hackers seized control of the Health Service Executive’s computer systems and threatened to dump confidential patient data on the dark web. The sudden and almost overwhelming focus on cybercrime has meant that every unexpected phonecall, text, WhatsApp message, email, Facebook friend request and all the rest now come with a side order of suspicion and even fear.

The grim reality is that all that suspicion and fear is with us for the long haul. With so much personal information compromised in the ransomware attack from the Wizard Spider criminal gang, the fear is that unsolicited contacts, requests for information, spam and phishing attacks will be with us for months if not years.

Gardaí have said they are expecting an “avalanche” of fraud once the cybercriminals start to drip-feed the stolen data on to the web. Information sold or dumped on the dark web has a nasty habit of resurfacing a long time after it was first compromised which is why people will need to be on guard against bogus communication for a long time.

They should also be mindful that criminals and scam artists – even those who have absolutely nothing to do the Wizard Spider attack – will have been watching how things have been unravelling and working out ways they can profit from it.


In the days ahead we can expect a wave of bogus calls from criminals claiming to be from the HSE asking for “deposits” for medical procedures or threatening to publish sensitive patient data unless they receive a payment. Scammers may also ring from phone numbers which appear to be genuine, including official Garda numbers.

Criminals are skilled at exploiting situations and will be piggybacking on the ransomware attack and hoping to take advantage of people’s fear just as they have sought to exploit the Covid-19 crisis and Brexit and almost every other event – big and small – that you can think of.

In many ways we are living through a perfect storm and criminals have the wind in their sails like never before. Over the past 15 months people have been working from home, and socialising and shopping online, in numbers never seen before.

Even before the cyberattack on the HSE people were increasingly fearful that the way we live was leaving them exposed to attacks by fraudsters operating in the virtual world.

A study by Bank of Ireland released late last year found that 62 per cent of consumers were worried about being targeted by online scam artists, with 43 per cent saying they feel more exposed to such threats because they are spending more time online due to Covid-19.

Scams – new and old – to watch out for

1 A new telephone scam recently surfaced which has seen criminals impersonate staff at the Office of the Attorney General in an attempt to mislead people into thinking they have been the victims of identity theft or other criminal acts. The perpetrators have even been able to piggyback on the real telephone number of the Attorney General's office – 01-6314000 – to add an additional layer of apparent legitimacy to the deception.

As well as falsely claiming that the recipient of the call has been a victim of fraud or identity theft, where their identity has been used for drug trafficking or money laundering, the criminals may also claim there is a legal case against the person and a warrant out for their arrest. Personal details including PPS numbers and/or bank details are sought.

All such calls are bogus and – in a refrain that we will use more than once on this page – the AG’s office will never make unsolicited calls seeking PPS numbers or bank details from anyone. Ever.

2 Remember when Brexit was all we talked about? Then Covid came along and relegated it to the inside pages of our newspapers. It made a brief resurgence early this year when the realities of the UK leaving the EU became clear. Almost overnight, shopping on UK-based websites became problematic with delivery issues and taxes suddenly entering the frame. Scam artists were paying attention and were quick to take advantage of a surge in genuine messages from delivery companies seeking Brexit-related taxes and charges by sending out bogus alerts looking for financial details from unsuspecting consumers.

In such messages recipients are asked to pay additional costs for customs clearance prior to the delivery of parcels. In some instances these emails and texts have been circulated in Irish. The key to protecting yourself is to slow down. First verify the delivery status of the package directly with the relevant postal service or courier and never click links in unsolicited texts or emails, provide payment details or give away personal data such as PIN, card numbers or passwords.

3 Covid scams have grown in popularity over the past year as criminals have exchanged ideas for stealing our money on the dark web. A simple scam from early in the crisis was the email which falsely claimed to be from the World Health Organisation. It asked recipients to click on a link to access safety measures regarding the spreading of coronavirus and once the link was clicked it activated malware to infect devices. Criminals have also tried to extract financial details from vulnerable people by pretending to be from the Department of Social Protection seeking information to process the Pandemic Unemployment Payment. Later in the crisis, criminals also claimed to be from Revenue and tried to get financial details under the false premise that they were needed to process tax returns.

4 The bitcoin blackmail scam is a couple of years old but if passwords have been compromised in the HSE attack, it is likely to resurface in a significant way.

The scammers send emails containing details of an actual password belonging to the victim. The criminals use the fact that – as a result of a data leak – they know a “secret” password to give their correspondence credibility. They claim to have infected the victim’s computer with a virus, allowing them to record what the person watches online. The email suggests that a tape of the victim watching pornography exists and will be widely distributed on the web unless bitcoin is transferred immediately.

5 Most of us would have been lost over the lockdown months without streaming services including Now, Netflix and Amazon Prime. But criminals have not been slow to recognise their popularity and our reliance on TV when there was nothing much else to do. One recent scam has seen people getting calls from an automated voice warning that the recipient's Amazon Prime account is set to be renewed at a cost of €70 or $80. The automated voice asks people to press one to cancel the auto-renewal. By pressing one the victim will either be transferred seamlessly to a premium rate number where the charges will quickly start to rack up or they will be transferred to a real voice who will attempt to extract money from them with the promise of a refund. Bear in mind that Amazon will never call you to offer you a refund or ask you to renew a service.

Another scam targeting Netflix users is also out there. The emails claim to be from the streaming company and they ask for updated payment details. The email uses fake Netflix branding to fool customers and is more plausible than many phishing scams as it replicates messages the company sends out when credit or debit cards used to pay the monthly fee have expired. The email attempts to redirect customers to a fake website dressed up to look like a genuine Netflix page and users are asked to update payment details because of “problems processing their cards”.

6 WhatsApp has not been immune to the scammers either and one recent scam has seen people getting messages from contacts asking for a six-digit code sent by SMS in error. The message asks the victim to transfer the code to them and stresses the urgency of the request. The code is actually the security code to allow scammers activate your WhatsApp account on another device. Once that is done they can start accessing your contacts seeking information.

7 Travel for non-essential reasons has been off the table for more than a year. That means people in the market for high-end items such as mobile homes, cars and even boats have been at the mercy of scam artists who set up bogus UK-based websites promising to sell such things for prices that seem too good to be true. They are too good to be true. According to a recent report by Irish Times crime editor Conor Lally at least 12 Irish victims have lost a total of €83,000 after they paid it to a fraudulent boat sales site and to another seemingly related site selling caravans and camper vans.

The websites offered to deliver boats, caravans and campers to clients in Ireland who were unable to go to the UK to collect them due to coronavirus travel restrictions. Because of that offer, the sites drew in a lot of Irish victims. Those taken in by the scam are convinced the two websites, which appeared in March and April, are being run by the same people because of their identical layouts and modus operandi.

8 Another enduring scam sees a call coming to the target's landline from a telecom operator. Targets are warned their broadband will be cut off within 24 hours unless they act and to press the number one on their handset to continue. People are then persuaded to divulge personal and/or financial information or to click on a web link to download software that may compromise the customer's computer. The scam has absolutely nothing to do with any phone operator – obviously – and it could be any company the scam artists pretend to be from. The key thing is to never disclose any information and never visit web pages suggested by a cold caller.

9 Moneylending websites which claim to offer quick access to cash to applicants who have struggled to borrow money from more legitimate sources are completely bogus and prey on the most vulnerable people. Such sites promise loans once applicants submit basic personal details. After, they get a call confirming their loan application has been approved and that an "advance fee" is sought. It is not enormous. But once it is paid, the offer of the loan disappears.

10 The long-running Wangiri scam sees scammers leaving missed calls from mysterious numbers on mobile phones. When calls are returned they are diverted to premium rate numbers overseas – to the victim's cost.

11 Any email from a bank, the National Lottery, Revenue or Ebay, or almost any other company you can think of, asking for key details, such as passwords or bank account numbers, so they can update accounts with enhanced security features or send money, are to be treated with extreme caution. No reputable organisation will ever contact anyone in such a way.

12 "Hello My DEAREST FRienD. My name Mortine Allowalalalaland and my housbond died directer of Bank of Ingold with have urgent, secrid of business deal just for you. Diamons in case. For you. Call me. Help me get money out of my country. All the millions for you. Good person." These mad emails must work on some people, otherwise we wouldn't still be getting them. You'd almost miss all those illiterate and hilariously outlandish spam emails from days gone by. Mind you, they haven't gone away so any time you get an email like this, remember there is no suitcase full of dimanonds waiting for you.

Ways to stay safe

Be suspicious and take your time. Every request that is even slightly out of the ordinary should be treated with deep suspicion. Ask yourself why you are being contacted and by who. If you are being put under pressure to do something quickly, warning bells should ring loudly. A key attribute of a scam is a demand that you act fast or miss out on a deal or risk losing money.

Always pay close attention to the email address that correspondence comes from and the website address you may be directed to. One clear sign that communication from a bank, for instance, is bogus is that while the website you are directed to visit may look legitimate, the address is something along the lines of www.2bankofireland.com. It is important to remember that skilled criminals can find ways to fake website addresses or emails, so even if it looks genuine be suspicious. And, at the risk of repeating ourselves, a bank, the tax man or any other reputable organisation will never, ever ask for your personal details over email. If you want to be extra careful, use a website checker, such as Google Safe Browsing, to see if the link is flagged as potentially fraudulent.

Always pay attention to the words used in the correspondence. If there is anything jarring about the language, it is likely to be dodgy.

And finally, as we have said many, many times on this page, if something seems too good to be true then it is.