Issue Date: 17th November 2023
Fraud Awareness: An Garda Síochána warn employees about fraudulent email payment requests
• In 2022, almost €11 million was stolen from companies based in Ireland with a decrease of 23% to date in 2023
• In 2023, up to end Sept about €6.5 million was stolen
• The number of reports of business email compromise fraud is 158 to date in 2023 compared to a total of 257 for 2022 (a drop on 2021 figures)
• In most cases, money is transferred abroad
• Victims range from very small businesses to large corporations
An Garda Síochána is warning people in any business setting to be very wary of sending payments online, especially when asked to send money to "new bank account numbers” While the amount of business email compromise fraud has fallen in 2023, people are still working in remote settings (e.g., working from home) and may not be as wary as they may be in a work environment where they can also confer with colleagues close by. However, reassuringly, the downward trend continues, with a drop of 23% so far in 2023, in this type of fraud showing that the message is landing yet almost €7 million so far this year has reached the pockets of mostly international organised crime gangs.
What is business email compromise fraud?
Business email compromise fraud, also known as invoice re-direct fraud, is where a fraudster sends an email to an individual or a business pretending to be a supplier and asks for an invoice to be paid immediately, usually to a new bank account because "they’ve changed bank”, etc. They provide a new IBAN and BIC code for this new account and often the target does not know that it has been a victim of a crime until sometime later when the legitimate supplier sends a reminder for invoice payment.
To do this, fraudsters might send an email with a spoof email address, a ‘spear phishing’ email (an email that looks like it’s from a trusted source), or use malware to take over a legitimate business email account and send an email from that. In most cases, the money stolen is transferred abroad; in some larger cases, data is also stolen. Another related issue is the proceeds of these crimes abroad being laundered through bank accounts in Ireland.
Examples of business email compromise fraud:
As part of Operation Skein (launched in June 2020 to tackle international business email compromise fraud), GNECB identified an International organised crime group operating from and within Ireland targeting businesses all over the world and have stolen and laundered over €70 million in the past few years, resulting in 100s of suspects being arrested and prosecuted.
GNECB continues to work with financial institutions to put new systems in place for the reporting of money laundering and money mules. The co-operation of financial institutions has been second to none and the success of this operation could not have been achieved without this support.
GNECB continues to also work with international law enforcement partners through Interpol and Europol and are part of the Interpol led international operation HAECHI. The aim of this operation is to recover money stolen in one jurisdiction and laundered through another.
Positive examples of cases where money was recovered from Business Email Compromise (BEC) fraud in Ireland include:
• Case 1: Complaint by company that over €98,000 was stolen in a BEC fraud and transferred to a bank a/c in Portugal - working with the financial institution, the payment was cancelled and all the money was recovered.
• Case 2: Over €149,000 stolen in a BEC from a victim buying an apartment in Spain. Money was laundered through an a/c in Spain. Working with the financial institution GNECB was able to recover nearly €76,000 laundered through a secondary a/c in Spain.
• Case 3: Over €95,000 stolen in a BEC in USA in early April 2023 and laundered through an a/c in Ireland. Working with the financial institution, GNECB was able to freeze and recover over €91,000.
• Working with the banks, in 7 different cases involving Irish Companies, where over €475,000 was stolen, over €400,000 was recovered by the GNECB.
• Working with international law enforcement through Op HAECHI, GNECB has actioned 43 requests, where €6.7million was stolen and to date, €2.7million has been recovered.
How to avoid business email compromise fraud?
• Always be suspicious when asked to send money to a new bank account – delay the transfer while you phone the company to double-check if the bank account has changed (and ensure you’re not dealing with a fraudster)
• Any time you are asked to change bank account details on a system, check the location of the IBAN (via a Google search), check the URL and the spelling
• If employees are using personal computers/laptops to work from their homes, it is imperative their antivirus software is kept up to date.
• Businesses should have robust policies and procedures in place to deal with payment requests of this nature (e.g., multiple decision-makers to approve payment or a step to contact a trusted person at the supplier to verify the request. They should also review all existing business relationships regularly and put defensive policies and procedures in place
• Remember, if caught out, ask your bank to do a recall ASAP then report the fraud to Gardaí.
Speaking at today’s briefing Detective Superintendent Michael Cryan of the Garda National Economic Crime Bureau said:
"Unfortunately, no business is immune to this type of scam - the victims of business email compromise fraud range from very small businesses to large corporations. The consequences of falling for a scam such as this can be catastrophic and may even result in the closure of businesses and redundancies. All employees should be aware of this fraud and receive training to avoid this type of scam. If in any doubt, delay the transfer and report any suspected fraud to your bank and to Gardaí as soon as possible – early reporting can be the difference between recovering most of the funds versus very little.”
Gardaí are advising members of the public who believe they are a victim of business email compromise fraud to contact any Garda Station and report the crime.