Gardai warn about fraudulent emails swindling Irish firms out of hundreds of thousands

Gardai are warning about fraudulent emails that are swindling individual Irish companies out of hundreds of thousands of euro.

The scams are known as “invoice redirect fraud” or “CEO fraud”.

“In recent weeks there has been a noticeable increase in this type of crime,” a garda spokesperson said.

“Criminals have succeeded in defrauding companies for very substantial amounts of money. One company lost over €200,000, another lost almost $500,000. Many people and businesses have lost smaller amounts of money. Everyone should treat any request to change bank account details with extreme caution.”

In this type of fraud, the scammer poses as a trusted supplier or a company executive, often hacking or mimicking an established company email address or mobile number. The criminal then dupes other legitimate company officers into transferring sums of money to bogus accounts they’ve set up. They carry this off often by posing as a supplier that has ‘changed’ its bank account details.

Irish organisations to be caught in such scams include Trinity College Dublin, which was hit for almost €800,000 in this way in 2017.

Gardai are advising small businesses to pay extra attention for email requests that appear to come from a regular contact but which require a change in bank account details for payment.

“If you are not sure pick up the phone and speak to someone in the invoicing company,” said Detective Chief Superintendent Pat Lordan, of the Garda National Economic Crime Bureau.

“Victims of Invoice Redirect Fraud range from very small businesses to large companies and the consequences of falling for a scam of this nature can be catastrophic and result in the closure of businesses and redundancies.”

A recent survey by Behaviours and Attitudes polling company, using Central Statistics Office data, found that 21pc of Irish SMEs were targeted for invoice redirection fraud in 2018, with about a third targeted for financial fraud generally.

Of these, the survey found that one in 18 of the attempts were succeeded.

Overall, a total of 4,257 Irish companies found themselves hit by some sort of IT-based scam in 2018, with email phishing (72pc) still the most common form of attack. ‘Vishing’, which is similar to phishing except using a phone, was experienced by 26pc of victims with just over a fifth seeing an invoice redirection scam get to them.

One big problem that Irish companies have is that over a third don’t look to confirm the veracity of claimed new bank details from a supplier. And only one in four say they have invested in fraud detection software.

Even sophisticated tech giants get caught by fraud. Facebook and Google between them saw close to $100m (€89m) drained away in 2015 using a series of forged invoices, contracts and letters that appeared to have been executed and signed by executives at the multinational firms. Earlier this year, a Lithuanian man pleaded guilty in a US court to the fraud.

See the full article by Adrian Weckler of on;


Peace of mind with the
right insurance cover