Phishing Scams Targeting Irish Bank and Revenue Customers
Irish consumers are targeted by phishing attacks impersonating AIB, Bank of Ireland, Revolut, Revenue Commissioners, and An Post, using SMS spoofing and cloned login portals to capture banking credentials and Revenue MyAccount access.
Part of: Phishing
Last reviewed: 1 June 2026
Ireland's highly digitalised banking environment — with most current account customers using mobile banking — creates a rich target for phishing operations. Bank of Ireland, AIB, and Revolut are among the most impersonated brands in Irish smishing campaigns, alongside Revenue Commissioners (tax) portals and An Post parcel notifications.
The Competition and Consumer Protection Commission (CCPC) and the Banking Payments Federation Ireland (BPFI) run active fraud awareness campaigns, but phishing volumes continue to increase, particularly around tax filing deadlines and post-Christmas parcel delivery periods.
How this scam works on Ireland
Victims receive SMS messages appearing to come from AIB or Bank of Ireland warning of a suspicious transaction or account restriction. A link leads to a convincing clone of the bank's login page. Submitting credentials and OTP gives the attacker immediate account access and the ability to authorise outgoing payments.
Revenue phishing targets MyRevenue account credentials. Fake Revenue Commissioners SMS or email claim the recipient is due a refund and must log in to claim it, or owes a balance payable via a link. The credentials captured allow access to tax return history and sometimes bank account details associated with the Revenue profile.
Revolut phishing exploits the app's popularity for everyday payments: fake account verification messages target younger users who may be less cautious about financial security.
Common red flags
- Bank SMS with a link claiming your account has been flagged or a suspicious transaction is pending
- Revenue Commissioners SMS or email claiming a tax refund is available via a link
- Login page whose URL differs from the bank's official domain by a single character or added word
- Request for your full card details to verify a Revolut or bank account via a link
- An Post delivery notification requesting payment via a link rather than through An Post's official app
How to protect yourself
- Access all banking services through the official bank app — never via a link in an SMS or email
- Revenue Commissioners communicate through myaccount.revenue.ie — always navigate there manually
- Enable strong authentication on all banking apps and Revolut
- Report suspicious SMS messages to your bank's fraud line immediately
- Contact Garda Siochana's Cybercrime Unit or the CCPC if you submitted credentials
How to report it
- Report to your bank's 24-hour fraud line immediately
- Report to An Garda Siochana at garda.ie
- File a complaint with the CCPC at ccpc.ie/consumer/contact-us
Frequently asked questions
Does Revenue Commissioners ever contact customers via SMS with refund links?
Revenue Commissioners does not send SMS or email messages with clickable links requesting login or payment. Official Revenue communications are available through myaccount.revenue.ie. Any SMS claiming to be from Revenue with a link is a phishing attempt and should be reported to Revenue at [email protected].