THIS WEEK MARKED Ireland’s first-ever financial fraud awareness week, run with the aim of heightening awareness and education around the problem.
Irish businesses, including SMEs, are often hurt the most with fraud. Our advice is to be extra vigilant when responding to unusual email requests, particularly around invoicing and finances.
For companies, two scams are particularly prevalent: invoice redirection and CEO fraud.
Invoice redirection, has become increasingly common in Ireland and occurs when a business receives a fraudulent email claiming to be from an existing customer or supplier advising of new bank account details.
The initial request may not necessarily be accompanied by an invoice, but it means that any future legitimate payments are paid directly into the fraudster’s account.
By the time you realise the money has been paid to a fraudster, it may have long disappeared – and you authorised a transaction on your account.
If you receive such an email you should contact your supplier but not through links or contact details in the email as you may be contacting the fraudster.
Another scam on the increase is CEO or CFO impersonation fraud; this is a payment request appearing to come from those in one of these roles in a company to the finance team within the same organisation.
It is similar to invoice redirection fraud in that is another form of email fraud: fraudsters are able to create email accounts that are practically identical to those of senior members of staff.
A request comes into the finance team by way of email from the CEO or director asking a member of the team to make a payment.
Together with some information that can be easily gathered online, such as employee names, the fraudster sends a payment request that appears to be genuine – usually for a new supplier and with a sense of urgency – to the finance team.
In both scams, you should check email addresses carefully, especially when it is a request for money, and always independently verify details with the sender.
Make a quick phone call to a supplier to ensure they have changed account details or call your boss before making a payment – taking the time to double-check is worth it.
Keep an eye out for different names or contact details when dealing with a known supplier. It is also important to implement a robust payment system within your organisation, regardless of size, particularly for payments over a certain threshold.
Here are some anti-fraud tips for businesses:
1. Always independently verify new bank account details and the bona fides of the request with your suppliers using existing contact details. Do not reply to out-of-course emails.
2. All staff should be trained and familiar with fraud prevention procedures and good email practises including:
- Not responding to any email seeking financial, personal or security information unless they independently verify (ideally by phone) that the email came from the company or person it claims to be from;
- Never giving away security details, such as PIN or online banking password;
- Never clicking on a link or attachment in an email until it has been verified.
3. Businesses should ensure that they have appropriate IT and data security in place and should seek independent advice if in-house skills are not available.
4. Go with your instincts. If something feels wrong, stop; remember, it pays to pause.
We have also created a useful resource, FraudSMART.ie, where both consumers and businesses can find up-to-date information and advice on the latest scams.
Niamh Davenport is fraud awareness and payments manager at the Banking and Payments Federation of Ireland (BPFI).
If you want to share your opinion, advice or story, email firstname.lastname@example.org.