FRAUDSTERS are targeting Irelandâ€™s biggest bank, AIB,Â in a virtually undetectable internet scam. The bank admits it does not know and cannot find out how many of its customers are affected by the fraud.
Cheats have found a way of overcoming security measures on AIBâ€™s genuine website to fool customers into divulging their account details and passwords.
They are infecting customersâ€™ computers with a â€œparasiteâ€ virus which activates the moment they visit AIBâ€™s secure internet banking site and go to the â€œlog-inâ€ page.
t the log-in stage they are presented with a â€œghostâ€ AIB page asking them for their registration number, full security code, mobile phone number and credit card details.
However, customers cannot immediately tell the page is bogus as the website address in their browser is exactly the same as AIBâ€™s security-assured website.
The only way they have of knowing the page is fake is if they are aware that AIBâ€™s standard log-in page never asks for PIN access codes in full.
AIB, which is Irelandâ€™s biggest company, said only a few customers have reported noticing the scam, but said bosses could not find out how many were being targeted.
Last night consumer rights campaigners called for urgent action from AIB to publicise and tackle the â€œbreath-takingâ€ new scam.
â€œThis fraud just shows the capability, determination and intellect of the people involved in the scam,â€ said Mr Dermott Jewell of the Consumersâ€™ Association of Ireland.
â€œThe banks are going to have to invest a significant amount of time and expertise to deal with this â€” a simple warning to customers will not do.â€
Customers were being increasingly encouraged to go online to do their banking and had to have confidence they were not being defrauded, he said.
The â€œghostâ€ scam is a new form of the phishing con, which uses e-mails to trick consumers into visiting a bogus website to give over their bank details.
Savvy customers can tell the â€œphishingâ€ website is fake because the internet siteâ€™s address differs from the normal one used by their bank and is often not a secure site.
This new scam does not rely on email, but tricks customers by making them believe they are entering details onto a genuine site. Armed with customerâ€™s account details, passwords and credit card numbers, the fraudsters can log on to the genuine site and plunder the accounts of victims.
AIB has yet to send out individual warning messages to internet customers, who occasionally get notices and messages from the bank once they log in.
But customers visiting the bankâ€™s main website â€” www.aib.ie â€” can read the bankâ€™s warning about the scam and see an example of the â€œghostâ€ page. â€œThis is not an AIB screen: it is a fraudulent attempt to obtain your personal details,â€ the warning read.
â€œThe attempted fraud is caused by a virus which installs rogue software on a customerâ€™s computer and then presents a fraudulent screen asking for personal details. Only customers who have this virus on their computers will be affected.
â€œHowever, unfortunately, AIB cannot detect which customers have been affected.â€
* Any AIB customer who spots a fake page is asked to telephone the bank on 1890 24 24 24.
Net loss: how scam works
* The scam works by infecting a customerâ€™s home or work computer with a virus while they are surfing the internet.
* The virus installs hidden software that is triggers into life once the customer visits the log-in page on AIBâ€™s main website for internet banking.
* The software superimposes a fake website over the genuine AIB website and tricks consumers into divulging their account details.
* Savvy consumers have previously been able to spot similar scams by spotting that the address bar on their web-browser has sent them to a rogue page.
* The new scam means the address in the browser stays the same as the genuine secure site, fooling consumers into thinking the bogus site is safe.