In 2020, approximately €10.5 million was stolen from Irish businesses through invoice redirection fraud.
In most of these cases the money was transferred abroad, proceeds of these crimes can then be laundered through accounts in Ireland.
Invoice redirect fraud or business email compromise (BEC) fraud is where the fraudsters send an email to a business purporting to be from a supplier etc, requesting the immediate payment of an invoice or transfer of funds.
Fraudsters may spoof an email address, send ‘spear phishing’ emails or use malware to get the data.
They could also take over a business’ email account therefore fraudulent emails are being sent from the real business. Data is also stolen in large data breaches.
Victims of invoice redirect fraud range from very small businesses to large corporations.
The consequences of falling for a scam of this nature can be catastrophic for any business and can result in the closure of businesses and redundancies. All relevant employees should receive training in relation to avoiding this type of scam.
The Garda National Economic Crime Bureau (GNECB) has issued some tips and advice for busineeses to avoid falling victime to these types of scams.
The tips are as follows:
- Verify email address is spelt correctly.
- Has the URL been changed from “.ie” to “.com”?
- Businesses must ensure that they have robust policies and procedures in place to deal with requests of this nature including escalating the decision making function to supervisory positions and making direct contact with a trusted known person in the supplier’s organisation.
- Where a business becomes aware that such a crime has occurred they should ask their bank immediately to do a recall on the money and then report the matter to gardaí.
- Segregation of duties — consider how your business issues and accepts payment instructions.
- Use banking security systems such as one time pass codes.
One example of invoice redirection fraud this year occurred when a professional firm in Ireland procsessed a payment of more than €600,000 for the purchase of a product.
The funds left the firm's bank account before they were redirected using a false email request and were transferred into ‘money mule’ accounts in Ireland, The EU and Hong Kong.
Financial Intelligence Units (FIU) across these jurisdictions are working together, alongside Interpol Financial Crimes Department, to retrieve the proceeds of this crime. To date over €330,000 has been recovered.
In January of this year, the Money Laundering Investigation Unit (MLIU), were made aware of an Irish business who transferred €137,800 to a financial institution in France. MLIU, with assistance from the GNECB and French FIU recovered all funds which were returned to the victim.
Last month, an Asian company received an expected invoice via email, from a legitimate company in The Netherlands as part on an ongoing business deal.
However, the Dutch company’s email had been compromised and the invoice subsequently proved to be false.
The invoice provided details of an account held at an Irish bank as the remittance bank for the payment transfer. The Irish FIU at GNECB alerted the bank and the account was frozen as a result.
The account holder was subsequently arrested and is currently before the courts charged with Money Laundering offences.
