Irish SMEs duped out of nearly €10m by email scams in 2023

Banking and Payments Federation of Ireland says majority of cases are invoice redirection scams where fraudsters impersonate trusted suppliers

The majority of cases related to invoice redirection scams, said Niamh Davenport, head of financial crime at the BPFI.
The majority of cases related to invoice redirection scams, said Niamh Davenport, head of financial crime at the BPFI.

Businesses are being urged to review their payment policies after small and medium enterprises (SMEs) were conned out of almost €10 million by email scammers in 2023, according to Fraudsmart.

The body, an awareness initiative of the Banking and Payments Federation of Ireland (BPFI), said there was a sharp 23.8 per cent rise in the number of email scams reported last year with businesses losing an average of €12,000 in each case.

The majority related to invoice redirection scams, said Niamh Davenport, head of financial crime at the BPFI.

“These often start with what appears to be a legitimate email from a supplier known to the business advising of new bank details for payment, but which has been hacked or closely copied by fraudsters. This can create a false sense of security and make it difficult for businesses to detect,” she said.

READ SOME MORE

While fraudsters target businesses of all sizes, SMEs are particularly vulnerable. “Fraudsters take advantage of busy work schedules and create a sense of urgency in the hope that an employee will react without thinking and won’t take the time to do necessary checks.”

In total, SMEs lost €9.9 million through email-related scams last year. Neil McDonnell, chief executive of lobbying group ISME, said businesses must stay vigilant and review their own processes in the face of heightened fraud risk.

“Unfortunately, no business is immune to this type of scam and the consequences can be catastrophic,” he said. “I urge all SMEs and their employees to review their current payment policies and procedures. I would also encourage businesses to put training in place for employees to ensure they are constantly aware of current fraud risks and how to avoid falling victim to scammers.”

Ms Davenport said: “Our single biggest piece of advice if you receive an email from a supplier asking to change their bank account details for payments, is to pick up the phone, using a number that you are familiar with or from a trusted source such as the official supplier website, and check directly with the supplier if the request is genuine and the details are correct.”

Business owners that suspect they may have fallen victim to a scam are urged to talk to their bank and the gardaí as soon as possible.

Ian Curran

Ian Curran

Ian Curran is a Business reporter with The Irish Times