Gardai in Waterford are investigating after a company was conned out of €65,000 while buying a machine to manufacture personal protective equipment (PPE) from another firm in China, in a case of so-called invoice redirection fraud.
The Irish company was buying the machine late last month to make the PPE for the Health Service Executive.
After carrying out research it confirmed that the Chinese business it was purchasing the machine from was legitimate and then agreed to transfer a deposit to it.
But after this it received emails from fraudsters that purported to be from the Chinese firm that the deal had been made with.
The messages contained bank account details to which the deposit was to be moved.
On 27 May, €65,000 was transferred to the account.
Yesterday, the Irish firm's bank told them that they had been the victim of a fraud.
However, after Gardai in Waterford and the Garda National Economic Crime Bureau got involved, the misdirected payment was returned to the Irish company.
Gardai say transactions like this one can move very quickly and they’ve appealed to any organisations that fall victim to invoice redirection fraud to report it straight away.
They say even if it not possible to the money back, it may prevent others from falling victim.
According to Raluca Saceanu of leading managed security service provider Smarttech247 these attacks are targeted and typically start with a phishing email looking to steal credentials.
"These credentials are then used by the attackers to take over email accounts and substitute genuine banking details with fake accounts," he said.
"Also they can be emails coming from "spoofed" accounts posing as a supplier that has altered its bank account details. It is important to practice good cyber hygiene especially in times where we are all working from home."
That means changing your passwords regularly, he said and not using the same password for multiple accounts.
Understanding what phishing is and ways to prevent it, is also important Mr Saceanu added, as well as having email security protection in place.
Companies also need to be very vigilant when it comes to receiving urgent payment requests from their vendors or other suspicious activity, he said.