Small and medium-sized Irish businesses have lost nearly €19 million in email-related scams over the past two years, according to new figures from FraudSMART. Companies affected suffered average losses of more than €22,000, highlighting the growing threat of digital fraud.
FraudSMART, an initiative developed by the Banking & Payments Federation Ireland (BPFI), has launched a new fraud awareness campaign in collaboration with ISME, the Irish SME Association. The campaign seeks to educate business owners on how to recognise and prevent common scams targeting SMEs.
Invoice redirection and CEO impersonation remain the top threats to businesses, FraudSMART said. Invoice redirection scams typically begin with an email appearing to come from a known supplier, either hacked or closely copied by fraudsters. The message requests a change to bank account details for future payments, often without demanding immediate payment.
CEO impersonation scams, while less common, are considered highly deceptive. Fraudsters pose as senior executives, convincing employees to share sensitive information or authorise unauthorised financial transactions.
Niamh Davenport, Head of Financial Crime at BPFI, described the scale of email-related scams targeting Irish SMEs as “deeply concerning.” She noted that a recent survey by the federation and ISME found that 67 percent of SMEs had been targeted by a financial scam in the past 12 months, with 78 percent receiving suspicious or urgent requests.
Email remains the main channel for attempted scams, accounting for 88.4 percent of cases, while phone calls (51.2 percent) and text messages (48.8 percent) are also used. Davenport said fraudsters are increasingly combining channels, following up an email with a call or text to create a greater sense of urgency and legitimacy.
“Reassuringly, the majority (80 percent) of businesses who have received unexpected or urgent requests report taking actions to independently verify the requests before taking any action,” she said. However, more than half (53 percent) of businesses reported not having fraud awareness guidelines or training in place, leaving their operations vulnerable.
ISME Chief Executive Neil McDonnell said the survey results are “a stark reminder that fraud is now a day-to-day business risk for SMEs.” He added that falling victim to scams “is not only financially damaging but can fundamentally undermine trust within a business,” and that employees need support to play a key role in prevention.
McDonnell emphasised that protection need not be complicated. Simple measures, such as verifying changes to supplier bank details, implementing dual approval for higher-value payments, and ensuring staff are aware of warning signs, can make a significant difference.
As part of the campaign, FraudSMART has released a free guide on business fraud. It advises companies to verify all requests to change bank account details, ensure two people approve third-party payments, train staff on phishing emails, review invoices carefully, keep systems updated, and limit sharing personal information on social media.
Small and medium-sized Irish businesses lost almost €19 million in email-related scams over the past two years.
