Irish small and medium-sized businesses (SMEs) have been losing close to €1 million a month in email-related fraud over the last two years, new figures suggest, with invoice redirection and chief executive impersonation scams the most common ways money has been stolen.
Businesses successfully targeted by cyber criminals lost an average of €22,000, amounting €18.9 million since 2024, according to FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI).
It found that while 67 per cent of SMEs were targeted by scammers over the last 12 months, more than half had no specific fraud-awareness guidelines or training programmes in place.
“The scale of email-related scams targeting Irish SMEs is deeply concerning,” said the BPFI’s head of financial crime Niamh Davenport.
READ MORE
She noted that most cases start with what “appears to be a legitimate email from a supplier known to the business, but which has been hacked or closely copied by fraudsters”.
Are Government's fuel measures betting on a quick resolution to the conflict in Iran?
This week the Government introduced a €250 million package of measures to help businesses and households with their fuel bills over the next couple of months.But will it be enough? And is it merely a bet by Government on the Iran conflict being resolved quickly?Joining host Ciarán Hancock in studio to tease this out are Cliff Taylor of The Irish Times and Fergal O’Brien, director of lobbying and influence at employers group Ibec.But the episode starts with Irish times political correspondent Cormac McQuinn taking us through the various fuel measures introduced by Government. Produced by John Casey with JJ Vernon on sound.
These emails typically don’t ask for payment upfront but claim a supplier has moved to a new bank account, and ask for payment details to be updated for future invoices.
“When a legitimate invoice is issued by the supplier at a later date, the business ends up paying it into the ‘new account’ controlled by the fraudster,” Davenport said.
Chief executive impersonation scams, while not as prevalent, can be “even more deceptive”, she continued. These see fraudsters impersonate a company’s senior executive to convince employees to disclose sensitive information or make unauthorised financial transactions.
The vast majority of attempted scams come through email, although criminals also use voice calls and text messages to target potential victims. Davenport said that fraudsters are increasingly combining these channels, following up an email with a phone call or text message “to create a greater sense of urgency and legitimacy”.
[ ‘I feel so stupid’: Victim’s shame at falling for ‘classic’ €30,000 invoice scamOpens in new window ]
She said she was reassured that 80 per cent of businesses who have received unexpected or urgent requests “report taking actions to independently verify the requests – for example, contacting the person or organisation who has sent the request using a phone number or email address already on file, rather than using the contact details in the message received”.
However, she said it was a concern that 53 per cent of businesses who took part in the research reported not having fraud-awareness guidelines and training in place for employees.
“These findings are a stark reminder that fraud is now a day‑to‑day business risk for SMEs,” said Neil McDonnell of ISME, the Irish SME Association. “Falling victim to scams is not only financially damaging but can fundamentally undermine trust within a business. Employees in particular are often the ones targeted by fraudsters and therefore need to be supported to play a key role in fraud prevention.”
McDonnell noted that fraud prevention “doesn’t have to be complicated” and he said that putting in place simple controls “such as verifying any change to supplier bank details, introducing dual approval for higher‑value payments, and making sure every member of staff knows the warning signs can make a real difference”.
