We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Strictly necessary cookies

Cookie name Duration Cookie purpose
ASP.NET_SessionId Session This cookie holds the current session id (OPPassessment only)
.ASPXANONYMOUS 2 Months Authentication to the site
LSI 1 Year To remember cookie preference for Law Society websites (www.lawsociety.ie, www.legalvacancies.ie, www.gazette.ie)
FTGServer 1 Hour Website content ( /CSS , /JS, /img )
_ga 2 Years Google Analytics
_gat Session Google Analytics
_git 1 Day Google Analytics
AptifyCSRFCookie Session Aptify CSRF Cookie
CSRFDefenseInDepthToken Session Aptify defence cookie
EB5Cookie Session Aptify eb5 login cookie

Functional cookies

Cookie name Duration Cookie purpose
Zendesk Local Storage Online Support
platform.twitter.com Local Storage Integrated Twitter feed

Marketing cookies

Cookie name Duration Cookie purpose
fr 3 Months Facebook Advertising - Used for Facebook Marketing
_fbp 3 months Used for facebook Marketing
€2.1M fraud near-miss in business email scam

22 Dec 2020 / business Print

€2.1M fraud near-miss in business email scam

The Bank of Ireland is advising businesses to be on increased alert against fraudsters capitalising on vulnerability as Brexit approaches.

In particular, the bank is warning about business email compromise, in a range of types of financial fraud, including ‘invoice redirection’ and ‘CEO fraud’. 

Businesses should treat any requests to change bank account details or transfer funds with extreme caution, and always verbally check any such requests with a known contact at a known number.

In the second half of 2020, a business email fraud ‘near-miss’ to the value of €2.1 million was intercepted by the Bank of Ireland fraud team, along with An Garda Síochána.

Another business was on the brink of losing €1.1 million when their emails were compromised in an attempted fraud.

The Bank of Ireland fraud team has acted on two to three cases of this type of fraud each week.

Trick

Invoice-redirection fraud is where fraudsters pretend to be a supplier or service provider in order to trick employees into changing bank-account payee details.

A common tactic is to tell the business that their bank account details have changed and for all payments to be sent to a new account, controlled by the fraudster. 

What to look out for:

  • The fraudsters may write to a company’s finance or payments department, either on forged headed paper or by email, pretending to be a supplier,
  • Typically, they will tell the business that their account details have changed,
  • The payee account may be located either in Ireland or overseas,
  • The fraudster may ask an employee to either send a pending payment to the new account or, alternatively, ensure that all future payments are sent to the new account.

Impersonation fraud

CEO impersonation fraud is where the fraudster pretends to be a senior executive from the victim’s organisation. 

An email is sent to an employee to try to trick them into doing something, like making a payment to either an existing or new client or supplier.

What to look out for:

  • The fraudster will try to pressurise a member of staff into acting quickly and without thinking,
  • The fake emails are well-crafted, from compromised email accounts, and may look like they have come from a senior executive at the company in question,
  • Typically, the fraudster instructs the staff member to make an urgent high-value payment to a supplier or creditor, and usually includes the payee details, including the IBAN,
  • Often, the payee account is located overseas.

Beware Brexit scams

Edel McDermott (head of fraud at Bank of Ireland) commented: “We know that fraudsters thrive in periods of change or uncertainty for business, where attention may be focused on other priorities.

“Brexit will bring considerable change to many companies, including new procedures relating to customs or changes in arrangements with vendors or customers“Business email fraud at any time has the potential to have a devastating impact on business. We are urging businesses not to drop their guard against email scams over the coming period. Training staff on the warning signs and the basic steps to take will safeguard businesses against these avoidable losses. 

Verbal check with known contact

“If every business followed a simple step that a request to change account details or to make a payment was always verbally checked with a known contact, at a known phone number, the majority of this type of fraud would be stopped.” 

The advice from Bank of Ireland is, as follows:

  • Be sceptical of urgent requests that do not follow typical company procedures and policies,
  • Establish a documented internal process for requesting and authorising all payments. Existing internal procedures may need to be reviewed,
  • Consider how your business issues and accepts payment instructions. Email is not considered a secure means of communication, unless encrypted,

Always verify that the email is from the real sender. Phone numbers quoted in the suspicious email should not be trusted; verify the contact internally or at a known phone number before making any payment,

Details

Under no circumstances should contact details contained in the email or attachments be relied upon to verify the request, whether these consist of a physical address, an email address or a phone number,

Notify the bank immediately if you receive a suspicious email relating to payments, or if you think you have been the victim of fraud. The sooner customers notify Bank of Ireland, the better the chance of tracing and recovering funds. 

More information can be found at the Bank of Ireland’s ‘Protect your Business’ site at www.bankofireland.com.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland