Small firms were conned out of €8m last year as a result of cases of invoice and so-called CEO impersonation fraud.
The Banking and Payments Federation Ireland’s (BPFI) FraudSMART campaign is warning businesses of a heightened risk of financial scams, particularly because of the increasing prevalence of working from home.
Recent research by the Small Firms Association (SFA) shows that nearly half of businesses reported being targeted by such fraudsters over the past year.
“Cybercriminals are always looking for new ways to steal information and money and they take advantage of busy work schedules to create an unnecessary sense of urgency in the hope that businesses won’t take the time to do the necessary checks,” said Niamh Davenport, Head of Financial Crime at the BPFI.
“Covid-19 forced many businesses to adopt a hybrid work model under pressurised circumstances, which has added another layer of risk,” she said.
“For many, the speed of change to work from home practices didn’t allow time to put in place sufficient precautions and processes, training for staff or appropriate and robust security systems suitable for remote work,” she added.
This has led to an increase in CEO impersonation fraud over the past two years in particular, she added.
“These scams are easier to fall victim to when working from home as the employee is unable to see if the CEO or executive is in their office or check verbally with a colleague,” Ms Davenport claimed.
CEO impersonation fraud involves an email purporting to be from a CEO or senior member in a company being sent to the finance or payment team requesting a payment be made to a supplier or another third party, or in some cases to the senior member themselves.
In one recent case, when the email account of a company treasurer was compromised, a series of cleverly timed written communications almost resulted in the fraudulent transfer of €20,000.
While invoice redirection fraud occurs when a business receives a fraudulent email claiming to be from existing a supplier or creditor or in some incidents staff within the company.
The fraudster seeks to have the bank details for the payment of future invoices changed or requests that a payment should be made into a certain account.
The increase in incidents has prompted the launch of a new fraud prevention guide by the BPFI and SFA.
Advice for businesses includes securing devices with antivirus software, firewalls and encryption and establishing clear policies and procedures.
Firms should also use two factor authentication and limit access to sensitive information.
Training on cyber security is also key, the advice states, while employees are urged to keep their home Wi-Fi, work laptop and smartphone secure and avoid using public Wi-Fi.
They are also being advised that if they receive an unusual email from a senior member of their organisation they should contact them using a known email or phone number.
“Amid the cost of doing business crisis, rising inflation, and increasing energy costs, it’s more important than ever to protect small businesses’ financial health,” said Elizabeth Bowen, Public Affairs Lead with SFA.
The guide is being launched today at an event by the Minister for Enterprise, Trade and Employment, Simon Coveney.