The Garda Bureau of Fraud Investigation says that so far up to 14 cases of the fraud have been detected.
If they had not been identified early, up to €5m could have been lost by those businesses alone. As it stands €100,000 has been stolen from them.
“A number of such bodies based around the country have received fraudulent instructions in the recent weeks via email or letter which instructed them to record new account details for their various clients,” a Garda spokesman said.
“There is no pattern in the fraudulent account details as they involve different financial institutions in both Ireland and the UK.
“As a result of the various businesses having received these fraudulent instructions, these businesses transferred money to the various bank accounts in payment of due debts.
“However, due to the vigilance of the various financial institutions, most of the money was either prevented from having been sent in the first instance or recovered.”
According to the Banking and Payments Federation Ireland, victim companies may receive an email purporting to be from an existing creditor. The email contains a letter which notifies the company of new bank details to which all new payments should be made.
To make it appear more authentic, the email will often be in the name of someone the receiver has been dealing with.
However, the criminal will have created a bogus email address which will often very closely resemble that person’s normal address.
Perhaps only the “dot” in between the person’s first and surname will have been removed.
“Fraudsters may then submit bogus invoices,” it said. “These invoices [and any covering letters] may appear to be printed on company headed paper but are more likely scanned copies from an original document and printed onto paper using a domestic printer, so the company logo may appear less sharp and slightly blurred.”
The payments are then diverted to an account under the fraudster’s control.
The Garda Bureau of Fraud Investigation has requested that all businesses conduct an immediate review of any instructions they received from customers involving a request for a change of account details.
“As a security precaution it should be confirmed by verbal contact with the relevant financial control person in each business that purportedly sent change of account instructions as to whether they were genuine instructions or not,” it said.
“Where any business suspects that such an attempt was made or indeed where they have received such a request, they should immediately contact their local Garda station and their bank.”