The National Cyber Security Centre has warned of a sustained phishing campaign aimed at Irish financial services firms and their customers. The lures are convincing, the infrastructure moves fast, and the goal is credentials and live sessions.
The Lure
Emails and texts impersonate banks, Revenue, and delivery firms, pushing urgency: a blocked payment, a refund, a parcel held. The links lead to pixel perfect clones of real login pages.
Why It Works
Attackers now use real time phishing kits that relay your login and one time code straight to the bank while you type, defeating basic SMS two factor authentication. The victim sees a normal login. The attacker walks in behind them.
Defending Your Staff
Move to phishing resistant authentication such as passkeys or hardware keys. Teach staff to navigate to sites directly rather than clicking links. Report suspicious messages to the NCSC and your provider so the infrastructure is taken down faster.
If You Click
Change the password immediately from a known good device, revoke active sessions, and contact your bank. Speed matters more than embarrassment. The faster you act, the smaller the damage.
Written by Shreesh, Shamrock Security