Fraudulent Email Alert from Bank of Ireland
national |
miscellaneous |
news report 
Saturday March 19, 2005 00:25
by boi
Bank of Ireland wishes to alert its customers to ignore any emails they may have received from a source purporting to be Bank of Ireland or www.365online.com.
The Bank has discovered that a number of our customers and non-customers have received emails today directing them to a website posing as its personal banking online service, www.365online.com. The email directs the recipient to a website where they are asked to input personal banking information.
Should any customer have innocently responded to one of these emails they should contact Bank of Ireland immediately at 1890 365 365 or from outside ROI at +353 1 4622365.
Bank Of Ireland are so concerned by this that they announce it late on Friday evening, and there is nobody answering on the helpline, it's just the everyday automaton that you get, contrary to their websites claims.
http://www.weblogic.no-ip.info/?q=node/258
Comments (2 of 2)
Jump To Comment: 1 2The bank is being cautious that their explanation not be actionable and there is a "standards" issue in any case.
Because of a standard, your browser will allow addresses in other character sets to show as "Roman" (but ALSO without alerting you). What the bad guys "phishing" for your personal data did was figure out that a web site in symbol set X would display in Roman as the bank site address. That's called a "punning" address. So on the address bar you see what appears to be the bank site, but it's acutally a site some phishing group has registered.
a) The site registration folks are at least partially to blame. Instead of just collecting the fees for registering a site, authorities should be notified "possible fraud operation" if the site name is "punning" a registered financial -- maybe in ALL cases where an already registered site is being punned.
b) Browsers should at least have the option of turning the capability off. The lack of being able to do so in most of the open source browsers is considered a security bug and provision for disabling should shortly be available in newest program versions.
Couple of comments:
1) It's a holiday in Ireland. If they're answering the phones fast enough you'd complain about "attacks on the wurkers" and "exploitation of employees" because they had to work. Or if they outsourced it to India to allow you instantaneous 24 X 7 support, you'd have another moan. Personally, I think the BOI phone support is BRILLIANT. Well done, BOI for alerting your customers.
2) The comment about it being the site registration people's fault makes no sense. Besides the fact that the people who register site *names* are NOT the same people who own and host the site, why should they be allowed to police the English language - sounds like Big Brother to me. Next, "Roman" is a font name. It's nothing to do with character set support or the conversion of the code points that represent the code points. 99.9% of browsers and site names support US7 ASCII only. It's impossible to implement a feature that prevents character set conversion - in ANY browser. Supporting character sets is a basis of allowing people the world over to use the web. Oh, let's have browsers that only support US7 ASCII and calls the police when someone enters theirishbank.com (a pub) instead of bankofireland.com. DUMB DUMB DUMB.
IT'S A CRIMINAL ACT - THE RESPONSIBILITY FOR THIS IS ON THE PHISHERS.,
Indymedia Ireland is a media collective. We are independent volunteer citizen journalists producing and distributing the authentic voices of the people. Indymedia Ireland is an open news project where anyone can post their own news, comment, videos or photos about Ireland or related matters.