AN RTÉ RESEARCHER has shared details of a sophisticated scam he fell victim to, which spoofed AIB phone numbers and stole nearly €15,000 from his savings account.
Niall Fitzmaurice explained that the scam began on Monday this week, when he got a call from someone claiming to be from AIB who said there was unusual activity on his account.
The call came from a phone number with a Dublin area code and when he searched the number online the result indicated that it was an AIB helpline.
The caller had all of his details and listed several transactions that Fitzmaurice had legitimately made, along with others that he had not.
The caller said they would block the fraudulent transactions and cancel Niall’s cards and online account; they just needed him to approve the process with his AIB card reader.
“He didn’t need any pins or passwords, the only thing that he needed was just for me to use my AIB card reader,” Fitzmaurice told Today with Claire Byrne on RTÉ Radio 1.
“Just to put my card into that and put in the pin just to prove I was the card holder. So, I did that. I followed his instructions and gave them the number that the card reader gave me, which he said was to confirm that (the cancellation of the cards and the account).”
Fitzmaurice shared details of the scam in a thread on Twitter, which racked up thousands of interactions in the last two days.
WARNING: My AIB account was hacked and my life savings absolutely raided. I never thought I could possibly be a victim of fraud but these guys were absolute experts #aibfraud
— Niall Fitzmaurice (@nfitzm) August 30, 2022
The journalist told the radio programme that he had been telling colleagues that he was glad that AIB’s fraud defences had detected the scam when he got another phone call – this time it was actually AIB – to inform of unusual activity on his account.
Fitzmaurice told the AIB caller that he had received their call the day before and the transactions had been blocked.
“There was kind of a pause for a minute on the phone and he said: ‘No, we didn’t call you yesterday’. And he talked me through everything that the person on Monday had said to me, and I said: ‘Yes, that’s exactly what happened’.
He said: ‘They were the frauds. They were the fraud people.’
The legitimate AIB customer care worker instructed Niall to visit an AIB branch as soon as possible.
At the branch he was informed that the scammers had drained his savings account of nearly €15,000, which he had accumulated over the course of recent years in the hopes of securing a mortgage.
AIB subsequently told Fitzmaurice that it would be able to cancel many of the transfers, however a large sum transferred from his credit account was under investigation so it was not known whether it could be retrieved.
“I’m 31 years old and I think of myself as quite tech savvy. I always help my parents and older relatives if they are having issues with anything. So, I never thought I would be the victim of something like this. They were just so convincing and so good at what they did,” Niall said.
Ronan Murphy of Smarttech said the type of scam Fitzmaurice fell victim to – which is known as smishing –is becoming increasingly common and generating hundreds of millions of euros for fraudsters.
The goal of smishing (a combination of “SMS” and “phishing”) is to trick people into opening a malicious attachment or link.
“It’s multi-phased in its approach and it’s scattergun in nature. What they do is they target a victim and they assume, as in Niall’s case, that they’re with a specific bank. When you think about Ireland, it’s quite easy, because we really only have two banks. So, there’s a 50% success rate that when you get the text you’re with Bank of Ireland, or you’re with AIB,” Murphy explained.
The fraudsters use SMS spoofing, which makes it appear that their phone call or text message is coming from a legitimate organisation, such as AIB.
The messages usually look for information or claim that urgent action is needed, such as clicking on a link.
Murphy explained that the second phase of the attack also involves spoofing telephone numbers, where the scammers now attempt to “hack the human”.
You’ve gone out of the digital realm and you’re going into actually hacking the individual. You need to convince them that what is happening is legit and they’re going to try and get you to cancel your account and set up a new account.
“If these guys can get the victim to disclose the kind of unique eight digit codes which these devices spit out when they’re trying to change or transfer funds, then you’re in serious trouble,” Murphy added.
AIB confirmed that Fitzmaurice will be fully reimbursed for all his losses.
“Very sophisticated fraudsters target people by sending text messages claiming to be AIB and/or other legitimate companies. AIB never sends links in unsolicited texts or emails, requesting online banking and card details, or for the return of a card. We urge customers to be vigilant at all times,” the bank said in a statement.
“Never click on a link that appears in a thread and give their details. We urge customers to contact us as soon as possible if they feel they may be victim of a scam. Unfortunately, in some cases, it may be too late and the payment has already been received by the fraudsters and withdrawn from the fraudulent account,” AIB added.
To embed this post, copy the code below on your site
have your say