Anyone who uses online banking is being warned to be on the lookout for a sophisticated scam aimed at getting your login details.
Scammers are using number spoofing software to make it appear as if their messages are coming from a bank's legitimate number.
What this means is that scam messages can appear in the same text thread as genuine messages from the bank (or indeed other service providers).
Newstalk's technology correspondent Jess Kelly highlighted this issue over the weekend when she received one of these texts.
Text 1: legit
Text 2: a scam
Both appearing on my device as being from Bank of Ireland. pic.twitter.com/wYf7tpOab0— Jess Kelly 👩🏻💻 (@jesskellynt) October 30, 2021
Speaking on Newstalk Breakfast, she explained: “Straightaway, I saw the link looked dodgy, as there was a typo in the URL."
To see exactly how the scam works, Jess clicked through - something she strongly advises others not to do.
When asked for her username and date of birth, she put in fake details - in this case just '123456'.
As is the case with many genuine banking apps, Jess was then asked for three of the digits from her six-digit online PIN number.
She explained: "I put in 123… it said it wasn’t right. It then asked me for the other three digits. I put in 123… and it let me in.
“The idea behind this scan is they’re looking for your entire PIN, date of birth and username - meaning they can then get access to your entire account."
And here is how you know it is a scam. I do not recommend you do this. I’m just doing it to prove a point.
Please note: these are not my actual log in details (as if it needs to be said!).
See how the pin doesn’t work so it forces me to enter the other 3 digits?! pic.twitter.com/lxhvk4f2up
— Jess Kelly 👩🏻💻 (@jesskellynt) October 30, 2021
Jess said the bank has been in contact about the issue, and unfortunately, there's not much they can do about fraudsters using sender ID spoofing to 'trick' devices into thinking messages are coming from a legitimate source.
As a result, it's important for consumers to be aware of the issue and be cautious when they're sent a link - even if it appears in the same thread as genuine messages.
Jess said: "The key message here is for people not to click on a link.
“If you think that it may be a legitimate message, you can either go on the website - not through the link - or call the service provider to verify it.
"You don’t want to read something in a rush, click on it and suddenly send over very, very sensitive data.”