Gardaí are warning employees to be vigilant about fraudulent email payment requests as they announced so far in 2023 €6.5 million has been stolen.
In 2022, almost €11 million was stolen from companies based in Ireland with a decrease of 23 per cent to date in 2023.
The number of reports of business email compromise fraud is 158 to date in 2023 compared to a total of 257 for 2022 (a drop on 2021 figures)
Gardaí said in most cases, money is transferred abroad, and the victims range from very small businesses to large corporations.
An Garda Síochána said they are warning people in any business setting to be very wary of sending payments online, especially when asked to send money to "new bank account numbers”
While the amount of business email compromise fraud has fallen in 2023, people are still working in remote settings (e.g., working from home) and may not be as wary as they may be in a work environment where they can also confer with colleagues close by.
However, reassuringly, the downward trend continues, with a drop of 23 per cent so far in 2023, in this type of fraud showing that the message is landing, yet almost €7 million so far this year has reached the pockets of mostly international organised crime gangs.
Business email compromise fraud, also known as invoice re-direct fraud, is where a fraudster sends an email to an individual or a business pretending to be a supplier and asks for an invoice to be paid immediately, usually to a new bank account because "they’ve changed bank”.
They provide a new IBAN and BIC code for this new account and often the target does not know that it has been a victim of a crime until sometime later when the legitimate supplier sends a reminder for invoice payment.
To do this, fraudsters might send an email with a spoof email address, a ‘spear phishing’ email (an email that looks like it’s from a trusted source), or use malware to take over a legitimate business email account and send an email from that.
In most cases, the money stolen is transferred abroad; in some larger cases, data is also stolen. Another related issue is the proceeds of these crimes abroad being laundered through bank accounts in Ireland.
They said positive examples of cases where money was recovered from Business Email Compromise (BEC) fraud in Ireland include:
- Case 1: Complaint by company that over €98,000 was stolen in a BEC fraud and transferred to a bank account in Portugal - working with the financial institution, the payment was cancelled and all the money was recovered;
- Case 2: Over €149,000 stolen in a BEC from a victim buying an apartment in Spain. Money was laundered through an account in Spain. Working with the financial institution GNECB was able to recover nearly €76,000 laundered through a secondary account in Spain.