Tag: #scam

Think Before You Scan: That QR Code May Be a Scam

In quishing attacks, cybercriminals place QR codes containing malicious links in public places, such as parking meters or restaurants, or send these QR codes via email. Such attacks can result in financial losses, stolen personal data, or compromised device, cybersecurity experts warn.

January XX, 2026. At the start of January, the US Federal Bureau of Investigation (FBI) issued a warning against cyber attacks organised by North Korean cybercriminals who used fake QR codes to trick users into obtaining personal information. According to cybersecurity experts, similar attacks, also known as “quishing”, are on the rise not only in the US but in other countries, as cybercriminals look for new ways to profit.

Quishg (QR code phishing) is a phishing technique where cybercriminals try to trick users into scanning QR codes that lead to malicious websites. Organisations in several countries have issued warnings that bad actors place these QR codes on top of legitimate ones in public places such as kiosks, restaurants, or parking meters.

For example, last year, UK government institutions have warned users of fake QR stickers on parking machines, with victims being sent to spoofed payment pages. Meanwhile, the US Federal Trade Commission issued a similar warning about unexpected packages containing QR codes that led to phishing websites.

Such fake QR codes can also be shared online. For example, the FBI said that a North Korean state-sponsored cybercriminal group, called Kimusky, targeted employees of organizations by embedding malicious QR codes in an email. In one such instance, a QR code was presented as a way to download additional information.

According to cybersecurity experts at Planet VPN, a free virtual private network (VPN) provider, no matter where a fake QR code is placed, the scheme is similar. After scanning it, a user is often forwarded to a fake phishing website mimicking a legitimate one, such as a restaurant’s website, where cybercriminals may try to charge a user’s credit card.

According to Konstantin Levinzon, co-founder of Planet VPN, such scams can lead not only to financial losses but also to compromised devices.

“Quishing is phishing–just in a different wrapper. A QR code can lower people’s guard because this technology became ubiquitous only during the pandemic, and the threat still isn’t as widely recognized. It also shifts the “risky click” from a visible link to a quick scan, making the danger easier to miss. Attackers are refining these tactics every year and constantly finding new ways to trick users,” he says.

According to Levinzon, one reason why cybercriminals may favour QR codes in emails instead of regular phishing emails is that QR codes often bypass anti-phishing and scam filters, because these often analyze only text and links, but don’t analyze images.

And even if anti-spam filters in emails are equipped with QR code detection, cybercriminals often find new ways to bypass them, for example, by making QR codes in different colors.

Cybersecurity researchers at Proofpoint estimate that during the first half of last year, there were 4,2 million QR code-related threats. However, Levinzon says that the number is likely higher because many QR code scams are undetected.

When it comes to protecting against the growing threat, users are advised to be more deliberate about when and why they scan a QR code. If after scanning a QR code, a person is forwarded to a website that asks for payment or log-in details, this is a real warning sign.

Meanwhile, if a QR code is sent from an unknown sender via email, Levinzon advises contacting the sender directly before entering login credentials or downloading files.

“We recommend applying the same logic everywhere: stay skeptical whether you receive a message from a coworker or on your personal social media account. However, vigilance is only part of the story. To maximize security, users also need basic safeguards – use a VPN on public Wi-Fi, install updates promptly, use strong passwords, and enable multi-factor authentication on all accounts,” he says.

 

 

Dublin County Sheriff Seizure notice postal scam

There is not a day that goes by without some scam or another be it text or email from utulity providers or packages being delivered requesting money and these are non stop all year round. This one is a new one from the Dublin County Sheriff

This scam however is a new one and in my local facebook group a reader posted up a letter claiming to be from the revenue but this came in the post but there is several tel tale signs but it caused a bit of a stir on the group and rightly so.

The letter itself has all the headings similar to what you would get and two big red text sections saying SEIZURE PENDING and FINAL notice. After some investigating myself speaking to the person on the page and looking into the matter it turns out to be a scam as the Gardai have been contacted and also say it is a fake.

The website itself alone looks ropey and all the details match the letter so be carefull as there is two of them now online

This is the other one online and fake

The details below match however there is clues

You can contact us using any of the following methods:

Phone: 01 8603077

Emailinfo@dublincountysheriff.com

PostFergus Gallagher, Dublin County Sheriff, Unit 17, Tolka Valley Business Park, Ballyboggan Road, Dublin 11

 

Here is the letter below and what to watch out for just in case you get one in the post

Bank of Ireland warns customers of ads impersonating well-known retailers

Bank of Ireland is warning customers about social media advertisements currently in circulation which are impersonating well-known retailers offering deals and bargains.

With online shopping at its peak during the holidays, fraudsters are increasingly targeting consumers through scam social media advertisements. These ads often impersonate well-known retailers, luring shoppers with fake offers and directing them to counterfeit websites designed to steal personal and financial information.

The Bank is also reminding customers that its dedicated fraud support team is available 24 hours a day, seven days a week throughout Christmas and New Year. Last year Bank of Ireland’s fraud prevention team received over 10,000 calls from customers during the peak holiday period (23 December to 29 December), with 550 calls on Christmas day alone.

Key advice for consumers:

  • Be cautious of social media ads that look too good to be true.
  • Always verify that you are shopping on the official website of a retailer.
  • Avoid clicking on links in unsolicited messages or posts – go to the retailer’s website for offers.
  • If you suspect fraud, contact Bank of Ireland immediately.

Nicola Sadlier, Head of Fraud, Bank of Ireland said: “Christmas should be a time of joy, not worry. Unfortunately, fraudsters see this season as an opportunity to exploit consumers, and we’re seeing many fake adverts currently which are impersonating well known retailers. Our fraud team is working around the clock, even over the Christmas and New Year period, to support customers. If something feels suspicious, trust your instincts and reach out to us straight away.”

Bank of Ireland customers can call the fraud team 24/7 on Freephone 1800 946 764.

Finnish innovation stops scam calls – Rest of Europe is following

Scam calls cause up to €850 million in losses worldwide every year, but in Finland, this tool used by criminals has been practically defeated. At the end of November, the action Finland has taken to reduce scam calls will be competing for the European Crime Prevention Award, and Europol is highlighting it as a model case.

Elisa was the world’s first operator to develop a technical method to identify and block caller ID spoofing. As a result, criminals have no longer been able to use Finnish phone numbers in their scams. In 2023, the Finnish Transport and Communications Agency (Traficom) mandated that a scam call blocking solution based on Elisa’s innovation be implemented nationwide in Finland. Since then, a type of scam known as a “technical support scam” coming from abroad has been virtually eliminated in Finland. Elisa alone has blocked nearly 26 million scam calls since 2021. Elisa’s solution was granted a patent in Finland in 2023, and in November 2025, it was also patented in Europe.

“Our employees developed the solution themselves, and we deployed it in our network back in 2021. This solution has allowed us to eliminate the majority of scam calls received by our customers. Criminals’ profits in Finland have dropped from €7 million a year to just a few thousand, meaning Elisa’s actions have already made Finland an unprofitable target for criminals. In 2023, other operators also adopted the solution following Traficom’s decision”, says Karri Jäkkö, Director of Elisa’s Cybersecurity and Service Management Center.

Now this scam call blocking solution has been nominated for the prestigious European Crime Prevention Award. The prize will be awarded on 28 November as part of the EUCPN Best Practice Conference. At the end of September, Elisa and Traficom’s efforts to reduce scam calls also won Rikoksentorjuntakilpailu, a crime prevention competition held in Finland.

From the Finnish model to an international example
Caller ID spoofing remains a tool for criminals elsewhere in Europe: Scam calls are a significant problem, causing an estimated €850 million in losses worldwide annually, according to Europol.

In October, Europol published a report calling for action at EU level: unified technical standards, closer cross-border cooperation, and harmonised regulation to prevent scam calls and hold criminals accountable. The Finnish model is mentioned as a good example. Foreign operators are also actively seeking ways to block scam calls and are interested in the success of the measures adopted in Finland.

“Finland has succeeded in creating a model that effectively protects consumers and prevents criminals from making scam calls from disguised numbers. It’s great to see that this is also attracting international interest. Preventing scams is an arms race between us and the criminals, so we are constantly developing new solutions as well”, says Jäkkö.

In addition to blocking scam calls, Elisa has developed a solution to block calls from unknown foreign numbers. Scam text messages can also be tackled with a solution jointly developed by Traficom and operators.

Elisa’s actions to reduce scams in Finland

  • 2020 – Prevention of “wangiri” scam calls:
    Elisa can identify and block commonly known wangiri numbers (a scam involving missed calls to prompt a costly callback) as well as potential new numbers and prevent the number from being displayed, so the victim cannot call the attacker’s line back.
  • 2021 – Elisa develops solution to block number spoofing:
    Elisa creates a solution that blocks number spoofing, i.e. falsifying Finnish phone numbers and using them in scam calls.
  • 2023 – Nationwide implementation of the number spoofing blocking solution:
    The solution for blocking number spoofing is adopted nationwide by order of Traficom.
  • 2024 – Tackling scam text messages:
    If an organisation has registered their sender name with Traficom, Elisa can block scam messages claiming to be sent by that organisation. For example, the Finnish Tax Administration is one of those who have registered their sender ID, so scam messages claiming to be from the tax authorities will not get delivered.
  • May 2025 – Basic security features for consumer mobile subscriptions:
    Elisa introduces default basic features for consumer mobile subscriptions that protect people using the internet on their mobile phone. These include a secure authentication service (mobile certificate), malicious website blocking and monitoring for data breaches.
  • July 2025 – Ability to block calls from abroad entirely:
    Elisa adds the possibility to completely block incoming calls from abroad using its patented solution.

Ireland puts pressure on Big Tech to tackle surge in online financial ad scams

Online financial scams are accumulating a substantial toll within the European Union, as consumers continue to be defrauded at an estimated €4.3 billion in 2022, and similar trends continuing in the year after. 

Sophisticated yet misleading advertisements have been pushed across major social media and technology platforms have become a primary conduit for these fraudulent activities.

Ireland’s stand: A push for pre-emptive action from tech giants

In response to the escalating threat, Ireland is spearheading an important initiative within the EU that proposes a rule change that would force Big Tech companies to vet financial advertisers before their advertisements are published. 

At the core of this Irish amendment, which would add to the already extensive payment services regulation, is to mandate that only financial service providers (who are officially registered with national competent authorities) would be permitted to run financial ads within the EU. 

Such a proactive stance is designed to shift the onus of initial verification onto the platforms themselves, in part because those with the broadest shoulders should bear the greatest burden. Though, the crux of the debate is simply that if a platform “airs” an ad, they should be responsible for it. 

The debate has similarities to the debate of whether web hosting providers, particularly cheap and accessible providers like IONOS, should be responsible for the sites that they host. The proposal has gained a lot of eyes, and traction, with around half of EU member states reportedly expressing support. Though, figures like US President Donald Trump have previously advocated for scaling back the regulation of major American technology firms, so this could further stoke the fire of what appears to be the EU and US going head to head.

Digital Services Act and internal conflict 

Ireland may well face internal conflict too, as a big challenge to the proposal lies in its potential conflict with the EU’s landmark Digital Services Act (DSA). Several EU diplomats have indicated that the European Commission sees a requirement for Big Tech to pre-vet online advertisers as contravening the DSA provisions, which generally don’t force platforms to conduct broad-based, proactive monitoring of content. Of course, broadly speaking, the mood around this topic might be changing, and Irish MEP Regina Doherty has countered that the requirement can be structured to align with existing law. Doherty claims it could focus on verifying the advertiser’s authorised status rather than policing the specific content of each ad, a little bit like how one must be FCA authorised to conduct crypto ads in the UK now. 

Alternative suggestions also exist, like Poland’s proposal for streamlined communication between payment providers and platforms to facilitate post-fraud content removal. Though, this is deemed insufficient by industry critics who argue this reactive approach fails to address the speed and impact of initial fraudulent postings. 

Supporting the need for more proactive urgency, the Bank of Ireland claimed that over 75% of its customers’ fraud losses during the past year come from investment scams, of which many are promoted online.

Creating a safer digital financial ecosystem

The growing crisis of online financial ad scams highlights that something needs to be done, and as is often the case, the EU is where it is most likely to happen. As Ireland pushes for this proactive amendment, we are yet to see how not only internal disagreements play out, but also how US Big Tech reacts to their ongoing battles with the EU.

SIM swapping: when your cell phone number is used for fraud

SIM swapping is a type of fraud in which criminals take control of a cell phone’s SIM card. Find out here what the consequences can be and how you can protect yourself.

In SIM swapping, criminals manipulate mobile phone providers to transfer the victim’s phone number to a SIM card that is in the possession of the fraudsters. In this way, you yourself are locked out of your cell phone and no longer have access to your own data. You will lose passwords as well as your saved performance at National Casino Ireland.

Access to your smartphone allows criminals to receive calls and messages from the victim and often bypass the two-factor authentication that many online services use to protect accounts.

SIM swapping: how the scam works

The SIM swapping process can take place in several steps, as the North Rhine-Westphalia police explain:

Obtaining information: criminals collect personal information about the victim, for example through data leaks, phishing, social engineering or buying data on the dark web.

Contacting the mobile phone provider: Using the information collected, the fraudsters contact the victim’s mobile phone provider and pretend to be them. For example, they claim to have lost their SIM card or that it is damaged and ask for the number to be transferred to a new SIM card.

Overcome verification: Accounts with mobile phone providers are often protected with two-factor authentication. This means, for example, that the mobile phone provider will send you a code via text message that you have to enter to confirm your identity. Fraudsters often try to circumvent this authentication by calling you and pretending to be a trustworthy institution. For example, they might introduce themselves as a parcel delivery service and say they need the code sent to them to deliver a parcel. If you tell them the code, they will give it to the mobile phone provider and can then proceed with the SIM swapping.

Number transfer: If the scam is successful, the victim’s phone number is transferred to the scammer’s SIM card. From this moment on, they can receive calls and messages from the victim.

Consequences of SIM swapping

SIM swapping means you lose access to your cell phone. SIM swapping can be devastating for those affected. Once fraudsters have access to the mobile account, they can use the data to gain access to other accounts. The consequences of SIM swapping therefore include

  • Financial loss: Fraudsters can access bank accounts, make bank transfers or steal credit card information.
  • Identity theft: With control of the phone number, criminals can steal more personal information and take over the victim’s identity.
  • Loss of access: Victims can lose access to their email accounts, social media and other online services that are protected by the phone number.

How to protect yourself from the scam

To protect yourself from SIM swapping, you can take the following preventative measures:

 

  • Be careful with your own data and don’t give it out carelessly over the phone or by email.
  • Make sure you publish as little personal data as possible, for example on social media or in Telegram channels. You should be particularly careful with your cell phone number.
  • If possible, use an antivirus program on your smartphone.
  • Do not download any data from unknown or insecure sources.
  • Use strong, unique passwords for your accounts and activate two-factor authentication (2FA), ideally via authentication apps instead of text messages.
  • Choose security questions and answers that are difficult to guess and cannot be derived from publicly available information.

If you have already fallen victim to SIM swapping, you should take the following steps:

Check all your relevant accounts and change your access data.

Inform your mobile phone provider about the fraud and all other account providers that the fraudsters are likely to be able to access (e.g. your bank). File a criminal complaint.

 

DHL sorry we missed you card scam

The latest scam now doing the rounds is one you would not be familiar with so it is time to buckle up and be aware and take heed at what the scammers are now up to.

This time of year we usually see a raise in sms scams from courier companies and more in fact I got one from PTSB the other day in which they have yet to respond to and make people aware. well done lads.

Being involved in the logistic industry years now this is a new one rather than a text or email and it is a missed call card left in your letterbox with no name on it, the giveaway here is there is a QR code on the right with a website address to type in and it is as you guessed a scam and some will fall for it thinking they have a missed parcel. This is for the DHL on demand service.

This all goes down well now with the hold up at holyhead and people will be in panic mode now hoping they have not missed a parcel for themselves or a gift purchased for someone else.

Below is two samples of what you need to watch out for the one on the left is a legitimate card DHL will leave and the one the right is the dodgy one so be extra aware of what is coming through on your phone and in your letterbox and have a great Christmas. Don’t get scammed.

DHL have advised the following

 Important Update from DHL  We’re aware of social media and WhatsApp messages circulating today about a potential DHL “Not Home” card scam involving our On Demand Delivery service. Here’s what you need to know: Our couriers in Ireland DO leave official cards (see example) when no one is home to accept a delivery. These cards include a QR code for rescheduling your delivery. Scanning this QR code should redirect you to:
Alternatively, typing DHL.ie/ondemand in your browser will direct you to the same link.
 Safety Tip: If you’re directed to a different address or encounter cards that don’t match our sample, do not interact with them. Stay vigilant and thank you for trusting DHL!

Facebook and Instagram most identified by public for featuring fraudulent adverts

In advance of International Fraud Awareness Week, research commissioned by Bank of Ireland has shown that 90% of the population believe fraud is a big problem in Irish society, with fake online purchase scams being the most common way for consumers to lose money.

One third of those surveyed said they had been targeted by a fraudulent advert on a social media platform. When these respondents were asked to identify the platform, 65% identified Facebook, 28% identified Instagram, with X at 13%, TikTok at 11%, and Snapchat at 4%.

In addition, almost half (47%) of citizens aged 18+ have seen adverts for investments or crypto currency on a social media platform featuring a well-known personality, politician or musician. The impersonation of well-known people and media organisations is a tactic used regularly in fraudulent ads to trick consumers into fake crypto investments, bond purchases, or savings products.

This can include impersonation of individuals such as President Michael D. Higgins, An Taoiseach Simon Harris, An Tánaiste Micheal Martin, former Taoiseach Leo Varadkar, Denis O’Brien, Dáithí Ó Sé, Brian Dowling and Tommy Tiernan.  Adverts can also include links to fake websites impersonating RTE, the Irish Independent, Forbes, The Irish News, BBC News, the Irish Mirror, and many others.

Nicola Sadlier, Head of Fraud, Bank of Ireland said: “Fraudulent adverts are a blight on social media platforms. These adverts are all about one thing – the theft of money from consumers and businesses by criminals. They cause harm to people, the financial services system, and the economy. 

“Much more needs to be done. One common sense step would be to ensure that online platforms check that adverts are from companies that are regulated to sell financial products and services. The current approach, which is allowing fraudsters run fake ads that impersonate celebrities, politicians, and legitimate media organisations – all with the aim of stealing money – is clearly broken. 

“That’s why Bank of Ireland is calling for legislative change at European Union level so that online platforms will have to verify that advertisers of financial services are regulated to sell those services.”

Findings from the Red C poll among the Irish general public include:

  • Fake advertisements were most commonly seen on Facebook and Instagram followed by Twitter/X (13%), TikTok (11%) and Snapchat (4%).
  • The majority of people (66%) report fraud to their bank, followed by the Gardai (17%)
  • When asked to select all parties they believe responsible for protecting people from fraud in Ireland 66% selected Banks and Financial Services companies, along with the Gardai (51%), mobile phone (39%) and social media companies (39%).  60% of the population believe they themselves have a role.

The research was conducted as part of an ongoing campaign to raise awareness among Bank of Ireland customers and the general public around the danger of fraud to their personal finances and how to safeguard against the main causes of fraud. International Fraud Awareness Week runs from Monday 18 November, with a series of communications planned by Bank of Ireland to further raise awareness among the general public around fraud protection.