Scammers appear to have been having a pretty lucrative time in recent months.

The issue was brought to public prominence in recent weeks on RTÉ's Liveline when, over a number of days, several callers spoke about the thousands of euro they had lost through a scam that saw them receiving bogus texts within a thread of genuine correspondence from Bank of Ireland.

The texts were sent to bank customers via a practice known as 'smishing', informing them that their bank cards had been compromised and had been deactivated by the bank.

The customer was then directed to what was apparently, but not, the Bank of Ireland website where they were told they could order a new card.

It was at this point that the customer was asked to submit their banking details and then it was open season for the fraudster.

In another iteration of the scam, a customer was told a transaction was about to be executed on their account and, not recognising the transaction, they clicked on the link in order to supposedly prevent it from happening.

"They use a sense of urgency to pull the consumer in," Raluca Saceanu, General Manager of Smarttech247 said.

Raluca Saceanu

"It's a very lucrative enterprise. Google said they had identified 18 million online scamming attempts every day since the pandemic. Even if a fraction of those are successful, it's a lot of money."

Initially the bank said the responsibility rested with customers who had given their details away and were therefore liable.

In an interview on RTÉ's Morning Ireland, on the publication of half year results last week, Bank of Ireland CEO Francesca McDonagh said it was incredibly important for individuals not to divulge their personal banking details online.

"It's like giving someone the keys to your car or dropping your wallet on the street. You're making yourself very vulnerable to fraud," she said.

However, after further cases came to light in the days that followed, the bank conducted a review and announced earlier this week that it would reimburse all affected customers. So, it was a happy ending for those people.

However, that's not the experience of everyone who has found themselves in this situation and indeed it would be wrong to suggest that this type of event was unique to any one institution.

"There are scams constantly on the go that target banks and other well known brands," Urban Schrott, IT Security and Cybercrime Analyst with ESET Ireland said.

"Cyber criminals are well aware that targeting customers with names they are familiar with will yield better results."

He said it was difficult to accurately estimate the incidence of cybercrime, as it tended to be under-reported, and it was therefore hard to put a figure on the amount of money that's lost through scams every year.

When incidents like the one that targeted Bank of Ireland customers are raised in the public consciousness, it can encourage others to admit that they've been scammed and it puts a welcome spotlight on the issue.

"Victims rarely report when they've been scammed. People tend to feel embarrassed and they feel that if they report it to the gardaí, they won't get their money back anyway so there's no point," he explained.

Scams are not necessarily more prevalent now, Mr Schrott believes, but they had become more sophisticated, complex and credible.

"There is no off-season for fraudsters. The more we tell people what to look out for, the more careful they become, so the criminals have had to become more inventive."

And so a batch of new, more convincing scams are constantly being deployed.

This particular Bank of Ireland scam appears to have been inordinately successful, owing mainly to the ability of the scammers to get the text into a thread of genuine correspondence between the bank and its customers.

"It's very simple. The organisation probably uses text applications that display names instead of numbers. It's really easy to spoof the name so the text ends up going into the same thread and poses as legitimate," Ms Saceanu explained.

"The problem is that the apps don't verify the senders so they don't separate the incoming messages. The lesson to be learned is that text messages can no longer be used as a trusted source."

So who's to blame here? The bank, the telecommunications provider or the consumer?

Ms Saceanu said it was primarily the responsibility of the bank to ensure that their security is up to scratch and that the necessary tests are carried out to verify the rigour of the third party applications that they use.

"The way we see it, it's a threefold issue. The bank needs to do the necessary due diligence on the text applications that they use to communicate with customers. Part of the responsibility also lies with the carrier, but the issue is not that easy to uncover because the system - the GSM protocol - is broken."

The consumer, she said, also had a responsibility to make themselves aware of the differences between legitimate and non-legitimate correspondence, although the lines had been blurred by the growing sophistication of scams.

"This one appears to be just a regular 'smish', which means it randomly goes out to phone numbers in Ireland," Mr Schrott explained.

The banks periodically implement new security procedures for safer card payments, he said, and they have to regularly update them.

However, there was also an onus on consumers to educate themselves on such threats and understand the responsibility they bear for information they store and impart over their phones.

"Most people have antivirus software on their laptops, but few have it on their phones, even though they use them to do online banking, shopping and so on. Most have credit card details stored on their phones for certain services. Many don't think that makes them vulnerable and they don't have the necessary protections."

In light of recent events, Bank of Ireland launched a campaign to raise awareness of scams that are circulating, admitting that it could do more on the awareness front.

In recent weeks, the Financial Services Ombudsman and the Revenue Commissioners warned the public of scams that were using their brands. AIB and Permanent TSB issued warnings to customers to be vigilant for smishing attacks similar to the Bank of Ireland one.

"It's another form of crime and we've lived with crime since the dawn of mankind. You don't think it's a big fuss to lock your door or mind your wallet," Mr Schrott said.

"For regular crime we adopt a protective posture. We have to adopt the same mentality for online crime."