Irish SMEs lost €10m through email-related scams

FraudSMART calls on Irish businesses to remain vigilant as digital crime soars.

Irish SMEs lost almost €10m (€9.9m) through email-related fraud in 2023, according to new figures from FraudSMART.

The fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI) showed that SMEs lost this amount through email-related fraud scams, including invoice redirection and CEO impersonation.

“If you suspect that your business may have fallen victim to fraud, don’t delay, talk to your bank and to Gardaí as soon as possible”

The figures come as FraudSMART joins forces with the Irish SME Association (ISME) to urge SMEs to be on the alert and put measures in place to protect their business.

Counting the cost of scams

“We have seen a jump of almost 25% (23.8%) in email-related fraud targeted at SMEs last year,” said Niamh Davenport, head of Financial Crime at BPFI.

“These scams can be devastating for a small company with average losses of €12,000. The majority of cases we’ve seen are invoice-redirection scams. These, often start with what appears to be a legitimate email from a supplier known to the business advising of new bank details for payment, but which has been hacked or closely copied by fraudsters. This can create a false sense of security and make it difficult for businesses to detect.

“They usually don’t request any payment upfront but ask for the bank account details on file to be changed for future invoice payments and provide a new IBAN and BIC code for the ‘new account’. When a legitimate invoice is issued by the supplier the business ends up paying it into the ‘new account’ controlled by the fraudster and it’s often only some time later when a payment reminder is sent by the supplier that the scam is detected.”

Davenport added: “Unfortunately, while fraudsters target businesses of all sizes, SMEs can be particularly vulnerable compared to larger companies due to more limited resources, less investment in security infrastructure as well as lower financial buffers to withstand any losses. Fraudsters take advantage of busy work schedules and create a sense of urgency in the hope that an employee will react without thinking and won’t take the time to do necessary checks.”

SMEs are the backbone of the Irish economy

Minister for Enterprise, Trade and Employment Peter Burke said that SMEs are the backbone of the Irish economy economy, accounting for more than two-thirds of business employment in Ireland, according to the CSO.

“Over 92% of SMEs are what we call micro enterprises, employing less than 10 people, and while these businesses have demonstrated remarkable resilience in the face of recent challenges such as inflation, energy costs and Covid-19, unfortunately, they are often the most vulnerable to business-related fraud. It is vitally important that business owners and employees are aware of the risks that fraudsters pose and put the necessary measures in place.”

Calling on SMEs to remain vigilant, Neil McDonnell, CEO, ISME added: “Unfortunately, no business is immune to this type of scam and the consequences can be catastrophic. I urge all SMEs and their employees to review their current payment policies and procedures. I would also encourage businesses to put training in place for employees to ensure they are constantly aware of current fraud risks and how to avoid falling victim to scammers. FraudSMART provides a free guide with information and tips on business fraud and that’s a good place to start.”

Tips to help protect your business from frau

“Our single biggest piece of advice if you receive an email from a supplier asking to change their bank account details for payments, is to pick up the phone, using a number that you are familiar with or from a trusted source such as the official supplier website, and check directly with the supplier if the request is genuine and the details are correct,” Davenport urged.

“If you suspect that your business may have fallen victim to fraud, don’t delay, talk to your bank and to Gardaí as soon as possible.”

Top tips to protect your business from fraud:

  1. Policies and procedures –ensure a verification process is in place for requests to change supplier bank account details. Use trusted contact details already on record or a contact number on the company’s website. Do not to use the contact details on an email requesting the change as these could be fraudulent or controlled by a fraudster.
  2. Dual authorisation – ensure that two people from the business are required to complete a third-party payment electronically.
  3. Fraud awareness and training– ensure staff are given appropriate training on cyber security with a focus on email-related fraud / phishing emails.
  4. Invoice checking– review invoices thoroughly and ensure there are no irregularities including misspellings and grammatical errors.
  5. Updated operating systems– ensure that the latest updates for your computer and mobile operating systems are up-to-date and set them to automatically update.

Businesses can download a free copy of the FraudSMART ‘Protect your business from fraud’ guide and sign up to fraud alerts on the FraudSMART website where they can also find a wealth of other information on fraud types and prevention advice.

  • Bank of Ireland is welcoming new customers every day – funding investments, working capital and expansions across multiple sectors. To learn more, click here

ThinkBusiness
ThinkBusiness.ie, powered by Bank of Ireland, has been created for Irish business owners and managers who are seeking information, resources and help on a range of business topics. It provides practical, actionable information and guidance on starting, growing and running a business.

Recommended