Welcome to #WeekendWisdom number 39. This week we’re going to talk about Bank of Ireland Cyber Fraud.
Earlier this week, the Bank of Ireland was fined over €1.6 million for failures in relation to a Cyber Fraud case from back in 2014.
How did Bank of Ireland suffer Cyber Fraud?
What happened back then was that a client of their Private Banking arm had their email account compromised by cyber criminals. The criminals sent an email to Bank of Ireland staff requesting payments of some €106,000, and the bank staff followed those instructions and made the payments.
The client subsequently noticed the fraudulent transactions on their account and notified the bank, which immediately refunded the amounts to the client.
Why did they get fined?
However, they did not report the matter to An Garda Síochána in good time, and they also did not highlight the incident correctly to the Central Bank of Ireland, the Irish regulator. For those reasons they were given this significant fine.
If a bank can fall for this, how can I stop that happening in my business?
As I mentioned back in #WeekendWisdom number 31, this is very, very much like a CEO fraud or business email compromise. So the advice then still stands. Never carry out payment instructions based on an email alone.
Always seek verification of a payment instruction, for example by way of a telephone call. Only use a number that you have on file for that authorised person. Never act on an email alone, because compromising email accounts is incredibly easy.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*. This training can show your staff how this type of fraud is committed so they can recognise it if the cyber criminals try it on them.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.