Another new phishing campaign against Bank of Ireland customers | by Maciej Makowski

Another new phishing campaign against Bank of Ireland customers

by Maciej Makowski

Quick Sunday evening threat research: this feels like a bit of a deja vu – or maybe it’s a seasonal thing – last year, nearly exactly to the day, I wrote about a phishing campaign targeting Bank of Ireland users.

In an uncanny coincidence, a very similar, new phishing campaign just launched.

Malicious SMS messages are being sent from a spoofed BOI number, containing a link to a domain hosted in Ukraine on IP address – created today…

Bank of Ireland phishing OSINT

The link won’t open on a desktop browser as the website appears to conduct user agent validation only allowing access to mobile devices.

For the same reason, it also evades detection and scanning with urlscan…

But good old VirusTotal still detects it:

Bank of Ireland phishing OSINT 2

The same IP address hosts two more similar phishing websites:

  • boi-authie[.]com
  • online365-boi[.]com

A quick scan with Shodan reveals a total of 15 open ports – some of which allow direct connection to control panels for the fraudulent domains – not what you would expect to see on a legitimate Bank of Ireland domain, right?

Bank of Ireland phishing OSINT 4
Bank of Ireland phishing OSINT 5

The IP address belongs to a Hong Kong hosting provider Eranet.

Their email address for reporting abuse is support(at) – going to send this article to them now and hopefully this fraudulent operation is taken down promptly.

About the Author:

Maciej Makowski - information security specialist with a strong background in criminal investigations and online safety. Spent nearly 13 years working as a police officer and cyber crime detective in An Garda Siochana, Ireland’s National Police and Security Service. Graduate of University College Dublin, also received professional qualification in data protection from the Law Society of Ireland. Experienced Axiom, Encase and FTK digital investigator, certified Cellebrite forensic mobile examiner. Author of, a blog on open source intelligence and digital privacy.


The article originally published at:

July 28, 2021
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013