Irish SMEs Losing Close to €1 Million a Month to Email Fraud

Irish small and medium-sized businesses have lost €18.9 million to email-related fraud over the past two years, according to new figures from FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI), as reported by the Irish Times.

The data shows that businesses successfully targeted by cyber criminals lost an average of €22,000 each, with invoice redirection and CEO impersonation scams the most common methods used to steal money.

According to the research, 67% of SMEs were targeted by scammers over the past 12 months, yet more than half had no specific fraud awareness guidelines or training programmes in place.

Niamh Davenport, BPFI's head of financial crime, said:

"The scale of email-related scams targeting Irish SMEs is deeply concerning."

She said most cases begin with what appears to be a legitimate email from a supplier known to the business, which has in fact been hacked or closely copied by fraudsters. The emails do not typically ask for payment upfront but instead claim a supplier has changed bank accounts and request that payment details be updated. When a genuine invoice later arrives, the business pays into an account controlled by the fraudster.

CEO impersonation scams, while not as prevalent, can be even more deceptive. These involve fraudsters posing as a company's senior executive to pressure employees into sharing sensitive information or making unauthorised payments.

While the majority of scam attempts arrive by email, Davenport noted that fraudsters are increasingly combining channels, following up an email with a phone call or text message to create a greater sense of urgency and legitimacy.

She said it was reassuring that 80% of businesses who receive unexpected or urgent requests report taking steps to independently verify them, such as contacting the sender using a phone number or email address already on file. However, she noted it was a concern that 53% of businesses surveyed had no fraud awareness guidelines or training in place for employees.

Neil McDonnell, of ISME, the Irish SME Association, said:

"These findings are a stark reminder that fraud is now a day‑to‑day business risk for SMEs. Falling victim to scams is not only financially damaging but can fundamentally undermine trust within a business. Employees in particular are often the ones targeted by fraudsters and therefore need to be supported to play a key role in fraud prevention."

McDonnell added that fraud prevention does not have to be complicated, pointing to simple controls such as verifying any change to supplier bank details, introducing dual approval for higher-value payments, and ensuring every member of staff knows the warning signs.

Businesses can check websites and links for legitimacy using FraudSMART's Scamchecker tool at scamchecker.ie. More information on how to protect your business is available at fraudsmart.ie.