Email fraud cost Irish SMEs nearly €10m last year

FraudSMART says the total scammed from small to medium-sized firms increased by 23.8% year-on-year during 2023

Fri, 12 Jul, 2024 - 00:00

Ronan Smyth

Small and medium-sized businesses’ losses through email-related scams increased by 23.8% year-on-year to nearly €10m during 2023 as banking representatives urged companies to have fraud awareness training in place for employees.

The majority of cases are said to be invoice-redirection scams. This is where a business will receive a fraudulent email claiming to be from an existing supplier or creditor requesting that they change the bank account into which they are paid.

This way future payments will be sent to this new bank account controlled by the fraudster. These approaches can be made over the telephone, by letter, fax, and by email.

New data from fraud awareness initiative FraudSMART shows €9.9m was lost by SMEs during 2023 through these kinds of scams as well as chief executive impersonation scams.

Chief executive impersonation fraud takes place when an email purporting to be from the chief executive or a senior member of the team is sent to the finance team requesting that an urgent payment be made to a supplier or another third party or in some cases to the senior member themselves.

BPFI head of financial crime Niamh Davenport said SMEs can be particularly vulnerable compared to larger firms due to more limited resources and less investment in security infrastructure. Picture: Naoise Culhane

The average amount lost through these scams last year stood at €12,000.

Banking and Payments Federation Ireland head of financial crime Niamh Davenport said these scams can be “devastating for a small company” as they often have limited resources to deal with these instances.

“Unfortunately, while fraudsters target businesses of all sizes, SMEs can be particularly vulnerable compared to larger companies due to more limited resources, less investment in security infrastructure, as well as lower financial buffers to withstand any losses,” she said.

“Fraudsters take advantage of busy work schedules and create a sense of urgency in the hope that an employee will react without thinking and won’t take the time to do necessary checks.”

The Irish SME Association (ISME) chief executive Neil McDonnell said “no business is immune” to this type of same and the “consequences can be catastrophic”.

“I urge all SMEs and their employees to review their current payment policies and procedures.

I would also encourage businesses to put training in place for employees to ensure they are constantly aware of current fraud risks and how to avoid falling victim to scammers.

The BPFI said that if a small company receives an email from a supplier asking to change the bank account details for payments, they should check with them independently of the email, preferably over the phone.

“If you suspect that your business may have fallen victim to fraud, don’t delay, talk to your bank and to gardaí as soon as possible,” Ms Davenport said.

Throughout 2023, almost €100m was stolen by fraudsters through scams — an increase of 16% compared to 2022.

These include fraud perpetrated on consumers as well as businesses.

According to FraudSMART, card fraud accounted for 95% of fraudulent transactions and 36%, €35.2m, of gross fraud losses in 2023. This represents an increase of 8.2%.

One of world's 'largest online scams' catches out over 800,000 European shoppers

Séamas O'Reilly: If it feels like scams are thick on the ground - it's because they are

CONNECT WITH US TODAY