Episode 21
Almost €19 million lost by SMEs to email related scams over the past 2 years
Irish small and medium enterprises (SMEs) lost almost €19 million (€18.9m) over the past two years through email-related scams, according to new figures published today by FraudSMART, the fraud awareness initiative led by Banking & Payments Federation ...
Irish Tech News Audio Articles
March 30, 20267m 59s
Audio is streamed directly from the publisher (cdn.beyondwords.io) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Irish small and medium enterprises (SMEs) lost almost €19 million (€18.9m) over the past two years through email-related scams, according to new figures published today by FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI). The figures come as Tánaiste Simon Harris launches a new FraudSMART SME fraud awareness campaign, in partnership with ISME and business owner and TV personality Brendan Courtney.
Invoice redirection and CEO impersonation scams remain top threats to businesses
Speaking on today's launch and outlining the types of scams targeted at SMEs, Niamh Davenport, Head of Financial Crime, BPFI, commented:
"The scale of email-related scams targeting Irish SMEs is deeply concerning, with FraudSMART members seeing average losses of over €22,000 per incident. The majority of cases we are seeing are invoice-redirection scams, which often start with, what appears to be, a legitimate email from a supplier known to the business, but which has been hacked or closely copied by fraudsters.
They usually don't request any payment up front but claim to have moved to a new bank account and ask for their payment details to be updated on the system for future invoices. When a legitimate invoice is issued by the supplier at a later date, the business ends up paying it into the 'new account' controlled by the fraudster. CEO impersonation scams, while not as prevalent, can be even more deceptive, where fraudsters impersonate a company's senior executive in order to convince an employee to disclose sensitive information or make an unauthorised financial transaction."
More than two-thirds of SMEs have been targeted with scams in the last 12 months, but less than half have any fraud awareness guidelines and training programmes in place for employees
Ms Davenport added: "According to a recent survey we conducted with ISME, 67% of SMEs say they've been targeted by a financial scam in the last 12 months, while 78% have received an unexpected or urgent request that raised suspicion. Most attempted scams are coming through email (88.4%), as well as phone calls (51.2%) and text messages (48.8%). Increasingly, fraudsters combine these channels – for example, following up an email with a phone call or text message – to create a greater sense of urgency and legitimacy."
"Reassuringly, the majority (80%) of businesses who have received unexpected or urgent requests report taking actions to independently verify the requests before taking any action – for example, by contacting the person or organisation who has sent the request using a phone number or email address already on file, rather than using the contact details in the message received. However, of concern is that more than half (53%) of businesses report not having fraud awareness guidelines and training in place for employees, leaving their business exposed."
Neil McDonnell, CEO of ISME, added:
"These findings are a stark reminder that fraud is now a day?to?day business risk for SMEs. More than three-quarters (77%) of ISME members who took part in the survey believe that financial fraud is a moderate or serious threat to their business. Falling victim to scams is not only financially damaging but can also fundamentally undermine trust within a business.
Employees, in particular, are often the ones targeted by fraudsters and therefore need to be supported to play a key role in fraud prevention. The good news is that prevention doesn't have to be complicated. Putting in place simple controls such as verifying any change to supplier bank details, introducing dual approval for higher?value payments, and making sure every member of staff knows the warning signs can make a real difference.
I would encourage all SMEs to put regular fraud training in place for their workforce. FraudSMART also provides a free guide with information and tips on business fraud, and that's a good place to start."
Tánaiste Simon Harris launches FraudSMART SME fraud awareness c...
Invoice redirection and CEO impersonation scams remain top threats to businesses
Speaking on today's launch and outlining the types of scams targeted at SMEs, Niamh Davenport, Head of Financial Crime, BPFI, commented:
"The scale of email-related scams targeting Irish SMEs is deeply concerning, with FraudSMART members seeing average losses of over €22,000 per incident. The majority of cases we are seeing are invoice-redirection scams, which often start with, what appears to be, a legitimate email from a supplier known to the business, but which has been hacked or closely copied by fraudsters.
They usually don't request any payment up front but claim to have moved to a new bank account and ask for their payment details to be updated on the system for future invoices. When a legitimate invoice is issued by the supplier at a later date, the business ends up paying it into the 'new account' controlled by the fraudster. CEO impersonation scams, while not as prevalent, can be even more deceptive, where fraudsters impersonate a company's senior executive in order to convince an employee to disclose sensitive information or make an unauthorised financial transaction."
More than two-thirds of SMEs have been targeted with scams in the last 12 months, but less than half have any fraud awareness guidelines and training programmes in place for employees
Ms Davenport added: "According to a recent survey we conducted with ISME, 67% of SMEs say they've been targeted by a financial scam in the last 12 months, while 78% have received an unexpected or urgent request that raised suspicion. Most attempted scams are coming through email (88.4%), as well as phone calls (51.2%) and text messages (48.8%). Increasingly, fraudsters combine these channels – for example, following up an email with a phone call or text message – to create a greater sense of urgency and legitimacy."
"Reassuringly, the majority (80%) of businesses who have received unexpected or urgent requests report taking actions to independently verify the requests before taking any action – for example, by contacting the person or organisation who has sent the request using a phone number or email address already on file, rather than using the contact details in the message received. However, of concern is that more than half (53%) of businesses report not having fraud awareness guidelines and training in place for employees, leaving their business exposed."
Neil McDonnell, CEO of ISME, added:
"These findings are a stark reminder that fraud is now a day?to?day business risk for SMEs. More than three-quarters (77%) of ISME members who took part in the survey believe that financial fraud is a moderate or serious threat to their business. Falling victim to scams is not only financially damaging but can also fundamentally undermine trust within a business.
Employees, in particular, are often the ones targeted by fraudsters and therefore need to be supported to play a key role in fraud prevention. The good news is that prevention doesn't have to be complicated. Putting in place simple controls such as verifying any change to supplier bank details, introducing dual approval for higher?value payments, and making sure every member of staff knows the warning signs can make a real difference.
I would encourage all SMEs to put regular fraud training in place for their workforce. FraudSMART also provides a free guide with information and tips on business fraud, and that's a good place to start."
Tánaiste Simon Harris launches FraudSMART SME fraud awareness c...