Irish SMEs lost €10m to email-related scams last year, report warns

12 Jul 2024

BPFI head of financial crime Niamh Davenport and Minister for Enterprise, Trade and Employment Peter Burke, TD. Image: Naoise Culhane Photography

FraudSmart said most of these incidents were invoice redirection scams and has urged SMEs to review their payment policies and take steps to protect themselves.

Ireland’s small and medium-sized enterprises (SMEs) lost nearly €10m from email-related scams in 2023, highlighting the risks that fraud can present to smaller businesses.

That’s according to a new report by FraudSmart – an initiative led by Banking and Payments Federation Ireland (BPFI) – which claims that a majority of these incidents were invoice redirection scams. In such a scam, an email aims to trick a business into sending money to a fraudster’s account instead of its intended legitimate recipient.

BPFI’s head of financial crime Niamh Davenport said there was a 23.8pc increase in email-related fraud targeting Irish SMEs last year. She also highlighted that the impact can be “devastating” for a small business, as the average losses from successful scams are €12,000.

“Unfortunately, while fraudsters target businesses of all sizes, SMEs can be particularly vulnerable compared to larger companies due to more limited resources, less investment in security infrastructure as well as lower financial buffers to withstand any losses,” Davenport said.

“Fraudsters take advantage of busy work schedules and create a sense of urgency in the hope that an employee will react without thinking and won’t take the time to do necessary checks.”

Davenport said invoice redirection scams usually start with what appears to be a legitimate email from a supplier known to the business. This email will include new bank details for invoice payments, but these details have either been hacked or closely copied by fraudsters.

“When a legitimate invoice is issued by the supplier, the business ends up paying it into the ‘new account’ controlled by the fraudster and it’s often only sometime later when a payment reminder is sent by the supplier that the scam is detected,” she said.

As a result of the rise in scams, FraudSmart is urging businesses to review their payment policies and to give their staff fraud awareness training. Some tips to protect a business from these scams include having a verification process for requests to change supplier bank account details.

FraudSmart said SMEs should also ensure that two people from the business are required to complete a third-party payment electronically. Another tip is to check invoices thoroughly to ensure there are no irregularities.

“Our single biggest piece of advice if you receive an email from a supplier asking to change their bank account details for payments, is to pick up the phone, using a number that you are familiar with or from a trusted source such as the official supplier website, and check directly with the supplier if the request is genuine and the details are correct,” Davenport said.

“If you suspect that your business may have fallen victim to fraud, don’t delay; talk to your bank and to Gardaí as soon as possible.”

Earlier this year, FraudSmart warned that authorised push payment fraud rose by more than 25pc in the first half of 2023. These scams occur when someone is tricked into sending money to an account controlled by a criminal.

The report said this increase involved online and mobile banking transfers and that victims were conned out of €8.6m in the same period last year.

Leigh Mc Gowran is a journalist with Silicon Republic