More than €10m stolen from Irish businesses in 2020 through invoice redirection fraud
Source: Irish Independent / Conor Feehan
More than €10m was stolen from Irish businesses in 2020 using sophisticated invoice redirect frauds, where scammers send an email purporting to be from a supplier requesting payment of an invoice or transfer of funds.
An unwitting company then makes the payment in the belief it is to a genuine supplier, but instead the money is redirected into mule accounts abroad and laundered.
In many instances the business does not know it is a victim of this crime until sometime later when the legitimate supplier sends a reminder invoice for payment. Victims of invoice redirect fraud range from very small businesses to large corporations.
The consequences of falling for a scam of this nature can be catastrophic for any business and can result in the closure of businesses and redundancies.
As part of fraud awareness week gardai have warned companies that any communication from a supplier that their bank account details have been changed should be treated with suspicion.
“Contact the supplier using your own trusted contacts or a telephone number you have researched independently. Don’t trust the phone number on the email because it may just link back to the scammers,” said a garda spokesperson.
“Ensure staff take great care and attention each time they are asked to change bank account details. Check the IBAN number – what country is it in? IBANs can be checked by doing a very quick google search. Check the URL and the spelling.
“Verify the email address is spelt correctly and check the URL hasn’t been changed from ‘.ie’ to ‘.com’ for example. This could be a sign that a fraudster is trying to replicate the details of a company.”
One firm in Ireland who processed a payment of more than €600,000 for the purchase of a product found the funds were redirected using a false email request and were transferred into ‘money mule’ accounts in Ireland, The EU and Hong Kong.
Financial Intelligence Units (FIU) across these jurisdictions are now working together, alongside Interpol Financial Crimes Department, to try to retrieve the proceeds of this crime.
Last month a company received an expected invoice via email from a legitimate company in The Netherlands as part of an ongoing business deal. However the Dutch company’s email had been compromised and the invoice subsequently proved to be false.
The invoice provided details of an account held at an Irish Bank as the remittance bank for the payment transfer. The Irish FIU at Garda National Economic Crime Bureau (GNECB) alerted the Irish Bank and the account was frozen as a result. The account holder was subsequently arrested and is currently before the courts charged with Money Laundering offences.
The GNECB today advised all relevant employees should receive training in relation to avoiding this type of scam.
“At the moment many people are working from home and some are performing roles, they don’t usually do. They are also working from a more safe and secure environment and could be minding children at the same time. This could mean that they are not as wary as they would be in a work environment and they do not have colleagues close by to confer with,” said the garda spokesperson.
“It is also imperative that where staff are using private computers and laptops for work purposes from their homes that the antivirus software is kept up to date,” they added.
Comment: With the current challenges that SME’s and business’s in Ireland are facing Invoice fraud redirection is certainly one that is not needed. Ensure your staff are extra vigilant when processing payments and make all staff aware of the risks and steps needed to avoid it happening.