About Us

Latest News

Bank of Ireland Statement - 'Phishing' Attacks



The banking industry has been the subject of a spate of "phishing" attacks recently that have been the subject of widespread media publicity. "Phishing" is the use of fraudulent emails to attempt to extract confidential and personal information from a customer. Since Bank of Ireland first received notification by customers of 'phishing' attacks on their accounts, the Bank has undertaken an extensive communications programme with customers to ensure that they understand fully what 'phishing' is, what to do if they receive an email and also re-iterating that customers personal log on information is their responsibility and customers should never disclose this information to anyone. This campaign includes a detailed statement and warning on www.365online.com and a detailed fraud brochure issuing to all customers with bank statements and available in branches.

Because the security of the personal log on information being sought is the responsibility of the individual customer, Bank of Ireland has always taken the view that it would not refund customers where their disclosure of such information leads to their accounts being defrauded.

As a business committed to the highest quality of customer service, Bank of Ireland always reviews situations on a case-by-case basis regardless of the issue involved. Customers that have been refunded by the Bank recently were done so, having reviewed their cases and on the exceptional basis that "Phishing" was not widely known or understood by customers and was a relatively new phenomenon in internet banking in Ireland.

However, the Bank wishes to reiterate its policy that it does not refund customers that are the victims of 'phishing' attacks. Personal log on information is the responsibility of the customer, to whom the personal log on information was issued and it is vital to the integrity of the system and the security of the individual's account that this remains so at all times.

Phishing is a type of online fraud, whereby you receive an email that claims to be from Bank of Ireland or another financial institution asking you to verify or re submit confidential personal banking information. You are re-directed to a hoax website that looks similar to a legitimate website such as Bank of Ireland's online banking site, www.365online.com. There, you are asked to input your personal log on information such as online User ID, full 6 digit PIN and password information (i.e. date of birth and last 4 digits of your telephone number).

We have a golden rule in Bank of Ireland that we tell our customers ? DON'T DISCLOSE:
Bank of Ireland never requests that customers give full personal log on information such as online User ID, full 6 digit PIN and password information (i.e. date of birth and last 4 digits of your telephone number), either over the phone or online, in an unsolicited manner.

If you receive one of these emails:

  • Do not click any links or open any attachments
  • Do not input any personal / account information even if it appears to be from Bank of Ireland
  • Forward the email to 365security@boimail.com immediately
  • Then delete it without clicking on any links or attachments
  • If customers have any concerns or any questions they should contact us immediately (1890 365 365)

5th September 2006

For reference
Sharon McDonnell
Consumer Communications Manager
Tel: 01 604 3750

Search Press Releases