Criminals steal €4.5m from Irish firms so far this year with invoice scam
Almost €4.5m has been stolen by criminals from Irish businesses through invoice redirect fraud so far this year.
Gardaí are warning businesses to remind employees to treat any request to change bank account details "with extreme caution".
To date this year, more than €4.4m worth of invoice redirect fraud, also known as CEO fraud, has been reported to gardaí.
More than €2.27m was stolen in April alone - and in excess of €1.28m has been recovered by gardaí, financial institutions, financial intelligence units worldwide and foreign police forces.
CEO fraud sees criminals sending emails to businesses purporting to be one of their suppliers. The emails may contain a request to change the bank account details for a legitimate supplier to the criminals' bank account.
According to gardaí, the "supplier" then sends an invoice to the company seeking payment for goods or services.
The business then acts on the new banking instructions and sends the payment to the criminals' bank account.
In many cases, the business does not know it is a victim of invoice redirect fraud until the legitimate supplier sends a reminder invoice for payment.
In one case, a firm received an email from a customer requesting that money be transferred to a new account.
"The email looked like it came from the customer," a Garda spokesperson said.
"This led to $1m being transferred to a bank account in Hong Kong. Luckily, this was reported swiftly and in conjunction with the financial intelligence unit in Hong Kong, An Garda Síochána was able to block the movement of this money."
In another case, a company reported an email redirect fraud to the value of €463,200.
Gardaí are encouraging businesses to make independent contact with suppliers to verify the contents of invoices and emails.