SMEs are today being warned of the increased risk of invoice related scams as fraudsters continue to take advantage of the current pandemic by targeting Irish businesses.
The warning from Banking Payment Federation Ireland's fraud awareness programme FraudSMART comes as An Garda Siochana said €10.5m was lost to Irish businesses as a result of invoice fraud last year.
The BPFI's Head of Fraud Prevention, Niamh Davenport, said that invoice fraud is one of the biggest fraud threats facing businesses over the last 12 months and one which can be particularly devastating for SMEs.
Niamh Davenport explained that invoice fraud is mainly carried out via email.
It occurs when a business receives an email pretending to represent one of their existing suppliers or creditors and told that bank account details for the payment of future invoices should be changed or made to a different account.
"The request may look authentic, it may appear to be authentic, but on close examination it is a scam," she said.
"If the request is acted upon, the next legitimate payment will be made directly to the fraudster's account," she said.
She said that while businesses are aware of the threat that financial fraud poses, there appears to be complacency among some businesses around putting proper guidelines and procedures in place to combat it.
But she said that protecting a business from invoice fraud does not have to be a costly task, adding that a few low-cost measures can help prevent it from happening.
BPFI today detailed two case studies of how invoice fraud affected two companies here.
Case study 1 - An Irish SME received an email from a UK supplier with their new bank account details. The business subsequently received and completed an invoice making a payment of €28,000.
However, when they contacted the company in the UK to check if they had received the payment, it emerged that the UK company's email account had been hacked and the email with new bank account details was fake.
The customer reported the fraud to their bank in an attempt to do a recall however the account into which the money was paid had been closed and all the funds withdrawn.
There was three days between when the payment was made and when the fraud was reported to the bank. The Irish company lost the full amount.
Case Study 2 - An Irish agricultural business was purchasing farming machinery and sent a deposit of €15,000 to the manufacturer. All was in order and the follow up for the balance was requested with payment to a different bank account number.
The employee overseeing the payment of the balance was covering for an employee on leave and had full access to payments.
The company's normal procedure was to follow up with the supplier and to separate inputter and approver codes on the online banking system, but this procedure was not followed on this occasion.
A balance payment of €50,000 was made however it was subsequently discovered the payment had been made to a fraudulent account.
The company left it for several days before reporting the matter to their bank who issued a payment recall however the money was gone from the account and the customer lost the full amount.