Small and medium-sized Irish businesses lost almost €19 million in email-related scams over the past two years.
New figures published by FraudSMART show that companies impacted suffered average losses of more than €22,000.
FraudSMART, an initiative developed by Banking & Payments Federation Ireland (BPFI), has launched a new fraud awareness campaign in conjunction with ISME, the Irish SME Association.
It said invoice redirection and CEO impersonation scams remain the top fraud threats to businesses.
FraudSMART said invoice redirection scams account for the majority of the deception cases.
The scam often starts with what appears to be a legitimate email from a supplier known to the business, but which has been hacked or closely copied by fraudsters.
They usually do not request any payment upfront but claim to have moved to a new bank account and ask for their payment details to be updated on the system for future invoices.
FraudSMART said CEO impersonation, while not as prevalent, can be even more deceptive.
Those scams are cases where fraudsters impersonate a company's senior executive in order to convince an employee to disclose sensitive information or make an unauthorised financial transaction.
Head of Financial Crime at BPFI Niamh Davenport said the scale of email-related scams targeting Irish SMEs is "deeply concerning".
She said a recent survey conducted by the federation with ISME found that more than two thirds (67%) of SMEs said they have been targeted by a financial scam in the last 12 months.
78% received an unexpected or urgent request that raised suspicion.
Most attempted scams are coming through email (88.4%) as well as phone calls (51.2%) and text messages (48.8%).
Ms Davenport said fraudsters are increasingly combining the channels - following up an email with a phone call or text message - "to create a greater sense of urgency and legitimacy".
"Reassuringly, the majority (80%) of businesses who have received unexpected or urgent requests report taking actions to independently verify the requests before taking any action."
However, she said it is concerning that "more than half (53%) of businesses report not having fraud awareness guidelines and training in place for employees, leaving their business exposed".
ISME Chief Executive Neil McDonnell described the findings of the survey as "a stark reminder that fraud is now a day-to-day business risk for SMEs".
He said falling victim to scams is "not only financially damaging but can fundamentally undermine trust within a business".
"Employees in particular, are often the ones targeted by fraudsters and therefore need to be supported to play a key role in fraud prevention," he added.
Mr McDonnell said the good news is that prevention does not have to be complicated.
"Putting in place simple controls such as verifying any change to supplier bank details, introducing dual approval for higher value payments, and making sure every member of staff knows the warning signs can make a real difference."
As part of the efforts to protect against scams, FraudSMART has produced a free guide with information and tips on business fraud.
It is advising businesses to ensure a verification process is in place for requests to change supplier bank account details.
Two people are required from the business to approve any third-party payment electronically and ensure staff are given appropriate training on email-related fraud/phishing emails.
It also recommends reviewing invoices thoroughly and ensuring there are no irregularities.
Ensure that the latest updates for your computer and mobile operating systems are up-to-date and set them to automatically update.
FraudSMART is also advising to avoid sharing too much personal information on social media.
