‘Insider jobs’ on rise in Ireland as fraud gangs recruit workers accessing data

So-called ‘Trojan horse’ tactics now being used to gather raw data needed for frauds

Gardaí are identifying an increasing number of so-called “Trojan horse” frauds involving suspects working within large firms, including banks and social media companies, stealing data for supply to fraud gangs.

Garda officers told The Irish Times the long-standing security risk of insiders facilitating robberies at banks, post offices and cash in transit companies had now “gone digital”, with vast amounts of data being stolen in “inside jobs” for use in frauds.

“You are talking about everything from names, addresses, dates of birth, email address, bank details; you name it,” said one source of the data being accessed by staff for passing on to gangs.

Other informed sources said while there was a perception hacking or malware attacks were the main means of accessing data for use in fraud attacks, insiders were now being increasingly used. They were accessing data, saving it on devices and then passing it on.

Last week the latest Central Statistics Office (CSO) crime data revealed an unprecedented surge of 40 per cent in frauds in the year to the end of June. One source referred to the increase as "the Covid bounce" as scam texts and emails, as well as bogus phone calls, had surged since the pandemic began.

The day after the crime data was released a young bank worker was arrested in the Midlands on suspicion of gathering bank customer information for supply to an international crime gang working in the Republic, led by West African criminals.

He is the latest bank worker to be held for questioning about harvesting data for supply to gangs. In other cases gardaí are investigating allegations that security infrastructure put in place by the banks to guard against such activity, and to identify suspicions transactions, was manipulated by insiders so their activities would go undetected.

While thefts of data from banks was a very worrying emerging trend, gardaí said any company that collected or stored data was vulnerable to so-called Trojan horse activity. The findings of some criminal investigations to date showed some social media companies with operations in Ireland had been targeted by insiders.

The findings of other Garda investigations also strongly suggested recruiters working for fraud gangs were specifically targeting two college campuses – one in Dublin and one in the west. Students there pursuing courses with an IT component were being approached by recruiters, apparently because they would soon be working in positions in major companies where they would have access to data.