SMEs lost almost €10m through email-related scams in 2023 as FraudSMART calls on businesses to remain vigilant
- Almost 25% increase in losses through email-related SME fraud compared to 2022
- Losses averaged at €12,000
- FraudSMART in partnership with ISME urges businesses to review payment policies and put fraud awareness training in place for employees
Friday 12th July – New figures from FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI), show that small and medium enterprises (SMEs) lost almost €10m (€9.9m) through email-related fraud in 2023, including invoice-redirection and CEO impersonation scams. The figures come as FraudSMART joins forces with the Irish SME Association (ISME) to urge SMEs to be on the alert and put measures in place to protect their business.
Majority of cases are invoice-redirection scams with what appears to be a legitimate email from a supplier known to the business
Speaking on today’s figures and outlining the type of scams targeted at SMEs, Niamh Davenport, Head of Financial Crime, BPFI said: “We have seen a jump of almost 25% (23.8%) in email-related fraud targeted at SMEs last year. These scams can be devastating for a small company with average losses of €12,000. The majority of cases we’ve seen are invoice-redirection scams. These often start with what appears to be a legitimate email from a supplier known to the business advising of new bank details for payment, but which has been hacked or closely copied by fraudsters. This can create a false sense of security and make it difficult for businesses to detect. They usually don’t request any payment upfront but ask for the bank account details on file to be changed for future invoice payments and provide a new IBAN and BIC code for the ‘new account’. When a legitimate invoice is issued by the supplier the business ends up paying it into the ‘new account’ controlled by the fraudster and it’s often only some time later when a payment reminder is sent by the supplier that the scam is detected.”
Ms Davenport added: “Unfortunately, while fraudsters target businesses of all sizes, SMEs can be particularly vulnerable compared to larger companies due to more limited resources, less investment in security infrastructure as well as lower financial buffers to withstand any losses. Fraudsters take advantage of busy work schedules and create a sense of urgency in the hope that an employee will react without thinking and won’t take the time to do necessary checks.”
Businesses urged to review payment policies and put fraud awareness training in place for employees
Minister for Enterprise, Trade and Employment Peter Burke stated: “SMEs are the backbone of our economy, accounting for more than two-thirds of business employment in Ireland, according to the CSO. Over 92% of SMEs are what we call micro enterprises, employing less than 10 people, and while these businesses have demonstrated remarkable resilience in the face of recent challenges such as inflation, energy costs and Covid-19, unfortunately, they are often the most vulnerable to business-related fraud. It is vitally important that business owners and employees are aware of the risks that fraudsters pose and put the necessary measures in place.”
Calling on SMEs to remain vigilant, Neil McDonnell, CEO, ISME added: “Unfortunately, no business is immune to this type of scam and the consequences can be catastrophic. I urge all SMEs and their employees to review their current payment policies and procedures. I would also encourage businesses to put training in place for employees to ensure they are constantly aware of current fraud risks and how to avoid falling victim to scammers. FraudSMART provides a free guide with information and tips on business fraud and that’s a good place to start.”
Tips to help protect your business
Ms Davenport concluded: “Our single biggest piece of advice if you receive an email from a supplier asking to change their bank account details for payments, is to pick up the phone, using a number that you are familiar with or from a trusted source such as the official supplier website, and check directly with the supplier if the request is genuine and the details are correct. If you suspect that your business may have fallen victim to fraud, don’t delay, talk to your bank and to Gardaí as soon as possible.”
Top tips to protect your business from fraud:
- Policies and procedures – ensure a verification process is in place for requests to change supplier bank account details. Use trusted contact details already on record or a contact number on the company’s website. Do not to use the contact details on an email requesting the change as these could be fraudulent or controlled by a fraudster.
- Dual authorisation – ensure that two people from the business are required to complete a third-party payment electronically.
- Fraud awareness and training – ensure staff are given appropriate training on cyber security with a focus on email-related fraud / phishing emails.
- Invoice checking – review invoices thoroughly and ensure there are no irregularities including misspellings and grammatical errors.
- Updated operating systems – ensure that the latest updates for your computer and mobile operating systems are up-to-date and set them to automatically update.
Businesses can download a free copy of the FraudSMART ‘Protect your business from fraud’ guide and sign up to fraud alerts on the FraudSMART website where they can also find a wealth of other information on fraud types and prevention advice.