Vishing (fraud phone calls), Smishing (fraud texts) and Phishing (fraud emails) may not be overly familiar terms but An Garda Síochána wish to highlight the increased prevalence of these specific fraud related crimes, which have seen an increase of 370% in 2021, compared to 2020. While overall fraud offences have increased by 111% for 2021.
An Garda Síochána is asking members of the public to be wary of unsolicited phone calls, emails and texts and not to click on any links. The most prevalent frauds are purporting to be from your bank, or other financial institution, where you are invited to click a link which brings you to a cloned website, subsequently looking for your PIN. They may also seek other personal data such as address, date of birth, PPS numbers etc. These are just a few of the online scams cybercriminals use to steal your private data (personal or financial information).
An Garda Síochána is warning the public to never give away personal data such as bank account details, PIN numbers, credit card numbers, passwords, one time codes, PPS numbers and Eircodes. If you’ve been a victim of fraud, it’s vital that you change your passwords immediately and report the matter to your bank as well as to An Garda Síochána.
Case Study: In May 2020 Gardaí in Killarney received a report following a fraudulent Bank Text Alert Scam that an injured party had €10,000 removed from their account. The fraud was reported quickly and An Garda Síochána working with the Bank were able to reimburse the €10,000. An investigation commenced under the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 with the Garda identifying a suspect bank account based in Co. Meath. The holder of that bank account has been convicted before Trim Circuit Court in January 2022.
If you have been a victim of this type of fraud – act quickly, it is vital to change your passwords / PIN codes, report the matter to your bank seeking a recall and report the matter to An Garda Síochána.
The advice from the Garda National Economic Crime Bureau (GNECB) on Vishing, Smishing and Phishing (this can also take place in the workplace) is as follows:
Vishing – Calls
· Be wary of cold calls received. Ask the caller their name, their phone number and if you are concerned hang up and ring your bank / service provider from a number advertised in a phone book, on your bill or from a Google search.
· Just because the number looks Irish does not mean it is – fraudsters use VOIP and spoofed numbers.
· Never act on advice received or instructions from a cold caller.
· Never give away personal data like bank account details, PIN numbers, credit card numbers, passwords, one time codes, PPS numbers or Eircodes.
· Never download any Apps as these allow the fraudster to take control of your device.
· Be aware that State bodies including the Revenue Commissioners will not ring you to advise that you are under investigation.
· Do not transfer money in any way.
· Before taking any action, seek advice from a trusted person.
Smishing – Texts
· Be wary of such texts even if they are contained within the thread of previous genuine texts from banks.
· Never click on links – by doing so you are accessing cloned websites.
· If you’re expecting a delivery and receive such a text, be very careful.
· Banking institutions will never send a text containing a link.
· An Garda Síochána advise people not to respond to such texts, to take screenshots of the texts received and delete them and to report it to the bank or relevant company and local Garda station.
Phishing – Emails
· Phishing emails can look official – make sure you are certain it’s legitimate before opening an attachment.
· Hover over any hyperlinks so you know where they lead to before you click (or go directly to the source).
· Beware of requests for personal or financial details or requests to reset passwords.
· Delete any suspicious emails, block the sender and don’t forward the email to anyone else.
· Don’t store passwords on your browser. If any of your passwords are compromised, it could lead to a chain of disasters and compromise all your accounts.
· Avoid using personal or untrusted removable devices (such as phones, tablets, iPods, SD Cards) on office systems.
· Beware of generic, impersonal greetings, such as “Dear Friend” or poor spelling and grammar.
· Check the displayed name against the actual email.
· Limit what you share online – cybercriminals use information you post online to learn how to gain your trust.
· Stay updated with security policies and best practices.