Bank closure spark phishing campaign

Ulster Bank and KBC have enabled cybercriminals to launch a targeted phishing campaign in recent months (Source). Phishing campaigns involve the mass sending of emails that appear to be from a reputable source however, upon closer inspection you will notice that the emails are impersonating that source/site/company. They are used by cybercriminals in an attempt to have people willingly give up the details to sensitive accounts such as login details or bank details.  

Both banks have mooted their intention to leave the Irish marketplace with the result of thousands of bank customers now closing accounts and seeking to moving their funds elsewhere. The public have been guided on the processes involved through a series of media campaigns across radio, television and print. Unfortunately for the general public, cybercriminals have taken advantage to the banking changes to create a wealth of target phishing campaigns in an attempt to obtain banking details for the general public and business owners.

The process of utilising current affairs to launch cyber campaigns is not unusual. When America Online (AOL) was becoming popular in the 90’s, the early hackers would send alerts introducing new services offered and ask for account details (source). In more recent times, the Covid-19 pandemic led to an increase in phishing attacks by 667% (source). Hackers capitalise on monumental moments, as it’s typically when people are at their most susceptible.  Filled with uncertainty and pandemic-induced anxiety, people ignored the warning signs of tell-tale phish. Instead, when they saw links that could point to ‘helpful’ advice on how to stay healthy during the world’s first major lockdown, people clicked on them. In many cases, emails pertaining to be from local government sources sought bank details to process ‘Covid compensation’. Hackers know that at times of uncertainty, human perceptions and awareness can be easily altered and as a result we see the use of phish soar in popularity.

In 2021, NatWest announced that Ulster Bank would no longer operate in the Republic of Ireland (source) reducing the number of banking providers available and leaving many people without suitable access to accounts to manage their personal finances with. The decision was come to due to a mix of marginal profits and recession-induced losses. As a result, the bank is closing new business from July 2022 and encouraging current customers to move banks to “avoid possible bottlenecks of account opening”.

As a result, many individuals are now seeking to open new accounts, transfer direct debits and standing orders, all under a time-fixed period. Customers will be changing bank details for everything from their Utilities company, phone bills and other direct debits or standing orders. This creates the perfect environment for fraudsters to slip in amongst the noise and act as just another company asking for your new bank account details (source)..

It is important to remain vigilant for suspicious emails from unexpected senders, especially during times of change and uncertainty. Customers and businesses who are impacted by the closing of these banks so be particular vigilant. Typical phish email examples include notification that standing orders are seeking new payment details, requests to forward new bank account details on behalf of utility companies (with impersonated senders addresses) and business invoices with new account details updated.

Our top tips to identify phish emails:

  • Always check who has sent the email (you can do this by simply hovering over the senders name to reveal the full email address)
  • Look for spelling and grammar errors in the text of the email
  • Look closely at any images or logos used for inaccuracies
  • Never click on a link within an email. If the email is asking for you to provide information, always do directly to the website and log in there before updating any information
  • Always telephone the supplier/customer directly before transferring funds to a new bank account.

If you have fallen victim to a phish email or you are concerned about an email you have received, we would suggest making contact with the company directly. Ideally, contact the company via their website or customer support services (remember, never to trust the details provided in the email received). In the unfortunately situation where money has been transferred, your banking provided will be able to assist you further.


Author: Leo Camacho


Folow us


Folow us



191 Colab,
Port Road, 
Co. Donegal

+353 7491 17034


3-5 Commerical Court
Co. Antrim
Northern Ireland

+44 2896 205140