“Adopt the Zero Trust Principle – Never Trust, Always Verify”

• Bank of Ireland research reveals that fraudsters are contributing to the stress of the nation with over 68% of those surveyed worried about being targeted by online fraudsters.
• Increase in people receiving a fraudulent email, text or call – from 55% to 61%, 2020 to 2021.
• Cybercrime expert Professor Mary Aiken advises: “We need to adopt the ‘Zero Trust’ principle – that is ‘never trust, always verify’ when it comes to online activity and protecting personal and financial information”.

In the wake of a significant spike in fraud targeting the Irish population, Bank of Ireland has partnered with leading international cyberpsychologist, Professor Mary Aiken, to understand what drives customers to click on links in text messages that they believe are from their bank.

The Bank has also conducted research (Red C, RED Line Omnibus, July 2021) which has revealed a sharp rise in the number of fraud attempts on the population in the last year and an increase in the numbers feeling under threat:

• 61% have received a fraudulent email/SMS/call claiming to be from their bank;
• 74% regularly consider the threat of fraud when they are online
• ‘Smishing’ or fake texts are the most common form of targeting; 47% have received a fraudulent SMS claiming to be from their bank, up 10% on 2020.

Professor Aiken highlights that our behaviour can make us more vulnerable to online fraud – including online disinhibition, psychological vulnerability, and cognitive dissonance – and there are specific ways that consumers can address these risks:

• Online disinhibition: The concept of online disinhibition can play a major role in fraud. This means that people sometimes do things online that they wouldn’t do in real life, like revealing personal information and taking more risks. Cybercriminals also use profiling, targeting victims to harvest their data.
• Advice to address this risk: “Think like a profiler” – this means, be conscious of your ‘digital exhaust’ which is the trace you leave online, and be wary of posting personal information on social media sites. It is also extremely important to consider what personal information could reveal about you to a fraudster, and how it might help them to target you.
• Psychological vulnerability: We have all been subjected to an ‘infodemic’ over the past 18 months which can cause increased levels of anxiety. When people become anxious, it can raise their level of vulnerability.  This can create a new ‘attack vector’ for cybercriminals who may, for example, place an urgent instruction in their communications regarding personal or financial information. When this form of attack happens against the background of – for example – a major ransomware event with associated threats to dump personal data, it can create a perfect storm of opportunity for cybercriminals.
• Advice to address this risk: Be very wary of any message, from a bank or any supplier or company, which asks you to take urgent action. Stop, wait, and consider if this could be a fraudulent message. Adopt the ‘zero trust’ principle: never trust, always verify.
• Cognitive dissonance – This describes the mental discomfort that results from holding two conflicting beliefs or attitudes. For example, we know we should be wary of public Wi-Fi as we do not know who set up the network, and we understand that malicious users could capture passwords or intercept what we are doing online. However, many of us – when we really want to connect – ignore the risk, and do it anyway.
• Advice to address this risk: Think carefully before you click or connect. Don’t just hope or assume everything will be ok. That is the assumption fraudsters are hoping you will make.

Professor Mary Aiken commented: “Bank of Ireland’s research bears out what we are seeing on a global scale.  A surge in cybercrime is being reported around the world, highlighted in recent reports from Europol[1], INTERPOL,[2]  and the FBI who reported a 300% increase in cybercrimes since the pandemic began.

“The Gardaí also reported an increase in online crime up 50% last year – with criminals moving away from traditional types of theft and robbery to attempting to defraud people online. It’s difficult: trust is a very human trait but in an age of technology we have to adapt. When it comes to personal information or financial transactions, the ‘zero trust’ principle must be front of mind – never trust, always verify.”

Edel McDermott, Head of Fraud, Bank of Ireland said: “Our customers’ financial wellbeing and peace of mind around the safety of their accounts is a top priority for Bank of Ireland.  To help protect customers against fraud, we have issued a number of warnings in recent weeks about the alarming increase in ‘smishing’ (fraudulent text) attempts. Unfortunately, in spite of the warnings, people continue to click on links and disclose their personal information to fraudsters. 

“We are working with Professor Aiken to help our customers understand how the fraudsters target our vulnerabilities as we live our lives increasingly online. The Bank’s message to our customers has not changed, and is simple:  We will never text, send emails or call a customer looking for their confidential banking details. Do not click on links or disclose personal information including one-time passcodes or your full Banking 365 PIN. You can forward any suspicious emails or texts to us at 365Security@boi.com and if anyone is concerned that their account has been compromised, they should call our 24/7 freephone line 1800 946 764.”

Bank of Ireland’s research also revealed:

• 95% said they would have little or no trust in receiving a text message from their bank with a link requesting them to login to their Internet banking account.
• Research revealed a six percent drop in confidence regarding awareness of fraud tactics, with 60% feeling confident they know the tactics used by fraudsters down from 66% in 2020.
• Anxiety caused by fraudsters is on the increase with 68% of those surveyed worried about being targeted by online fraudsters, up from 62% in 2020.

For more advice and information on fraud, visit www.bankofireland.com/security or www.fraudsmart.ie

Notes:

This Bank of Ireland research, commissioned as part of Red C, RED Line online omnibus from 1 to 7 July 2021 with a sample of 1,010 respondents, is a nationally representative sample of the population aged 18+ living in the Republic of Ireland.

Dr Mary Aiken is a Professor of Cyberpsychology and Chair of the Department of Cyberpsychology at Washington D.C.’s premier STEM University, Capitol Technology University. She is Member of the INTERPOL Global Cybercrime Expert Group and Academic Advisor to Europol’s European Cyber Crime Center (EC3). She is a Professor of Forensic Cyberpsychology in the Department of Law and Criminology at the University of East London, Adjunct Professor at the Geary Institute for Public Policy University College Dublin, Fellow of the Royal Society of Medicine, member of Medico-Legal Society, International Affiliate Member of the American Psychological Association (APA), Fellow of the Society for Chartered I.T. Professionals, and International Global Fellow at the Washington DC Wilson Center.

Dr Aiken is an expert advisor to the UK gov. Department for Digital, Culture, Media & Sport (DCMS) on online safety technologies (Safety Tech), and co-lead on an EU H2020 five . She recently co-authored a position paper on the social impact of cybercrime for Europol titled “The Cyber Blue Line.”

Dr Aiken has an M.Sc in Cyberpsychology and a PhD in Forensic Cyberpsychology, her research interests include SafetyTech, human factors in infosec & cybersecurity, organized cybercrime, cyber behavioural profiling, Fintech, HealthTech, Internet psychology, human & technical drivers of cybercrime, A.I. and cyber ethics. Dr Aiken is recognised as an expert at national and international level in policy debates at the intersection of technology and human behaviour.

Research and publications available at: http://www.maryaiken.com/research-and-publications