Almost €19 million lost by SMEs to email‑related scams over the past two years – FraudSMART

Almost €19 million lost by SMEs to email‑related scams over the past two years, as invoice‑redirection fraud continues to dominate – FraudSMART

• Invoice redirection and CEO impersonation scams remain the top fraud risks to businesses, with average losses of over €22,000
• 67% of SMEs targeted by a scam in the last 12 months according to new survey, but more than half (53%) do not have specific fraud awareness guidelines and training programmes in place
• Tánaiste Simon Harris launches FraudSMART SME fraud awareness campaign, run in partnership with ISME and business owner and TV personality Brendan Courtney

Friday 27^th March – Irish small and medium enterprises (SMEs) lost almost €19 million (€18.9m) over the past two years through email-related scams, according to new figures published today by FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI). The figures come as Tánaiste Simon Harris launches a new FraudSMART SME fraud awareness campaign, in partnership with ISME and business owner and TV personality Brendan Courtney.

Invoice redirection and CEO impersonation scams remain top threats to businesses

Speaking on today’s launch and outlining the types of scams targeted at SMEs, Niamh Davenport, Head of Financial Crime, BPFI commented: “The scale of email-related scams targeting Irish SMEs is deeply concerning, with FraudSMART members seeing average losses of over €22,000 per incident. The majority of cases we are seeing are invoice-redirection scams, which often start with, what appears to be, a legitimate email from a supplier known to the business, but which has been hacked or closely copied by fraudsters. They usually don’t request any payment upfront but claim to have moved to a new bank account and ask for their payment details to be updated on the system for future invoices. When a legitimate invoice is issued by the supplier at a later date, the business ends up paying it into the ‘new account’ controlled by the fraudster. CEO impersonation scams, while not as prevalent, can be even more deceptive, where fraudsters impersonate a company’s senior executive in order to convince an employee to disclose sensitive information or make an unauthorised financial transaction.”

More than two thirds of SMEs targeted with scams in the last 12 months but less than half have any fraud awareness guidelines and training programmes in place for employees

Ms Davenport added: “According to a recent survey we conducted with ISME, 67% of SMEs say they’ve been targeted by a financial scam in the last 12 months while 78% have received an unexpected or urgent request that raised suspicion. Most attempted scams are coming through email (88.4%) as well as phone calls (51.2%) and text messages (48.8%). Increasingly, fraudsters combine these channels – for example, following up an email with a phone call or text message – to create a greater sense of urgency and legitimacy.”

“Reassuringly, the majority (80%) of businesses who have received unexpected or urgent requests report taking actions to independently verify the requests before taking any action – for example, by contacting the person or organisation who has sent the request using a phone number or email address already on file, rather than using the contact details in the message received. However, of concern, is that more than half (53%) of businesses report not having fraud awareness guidelines and training in place for employees, leaving their business exposed.”

Neil McDonnell, CEO of ISME, added: “These findings are a stark reminder that fraud is now a day‑to‑day business risk for SMEs. More than three quarters (77%) of ISME members who took part in the survey, believe that financial fraud is a moderate or serious threat to their business. Falling victim to scams is not only financially damaging but can fundamentally undermine trust within a business. Employees in particular, are often the ones targeted by fraudsters and therefore need to be supported to play a key role in fraud prevention. The good news is that prevention doesn’t have to be complicated. Putting in place simple controls such as verifying any change to supplier bank details, introducing dual approval for higher‑value payments, and making sure every member of staff knows the warning signs can make a real difference. I would encourage all SMEs to put regular fraud training in place for their workforce. FraudSMART also provides a free guide with information and tips on business fraud and that’s a good place to start.”

Tánaiste Simon Harris launches FraudSMART SME fraud awareness campaign, run in partnership with ISME and business owner and TV presenter, Brendan Courtney

The latest findings come as FraudSMART launches a new SME fraud awareness campaign, being run in partnership with ISME and business owner and TV presenter, Brendan Courtney. The campaign is spotlighting the latest scams being targeted at businesses and offering practical fraud prevention tips through a series of social media videos over the coming days.

Speaking at the launch of the campaign, Tánaiste Simon Harris commented: “Small businesses are the backbone of our economy, accounting for more than two-thirds of business employment in Ireland, according to the CSO. Over 92% of SMEs are what we call micro enterprises, employing less than 10 people, and while these businesses demonstrate remarkable resilience in the face of global uncertainty, unfortunately, they are often the most vulnerable to business-related fraud because they often have fewer resources and lower financial buffers to withstand losses. It is vitally important that business owners and employees are aware of the risks that fraudsters pose and put the necessary measures in place. I welcome this FraudSMART campaign, which gives practical, free advice to help SMEs protect their money, their data and their reputation.”

Susan Russell, President, BPFI and Chief Executive of the Retail Ireland division of Bank of Ireland Group concluded: “Fraud is an evolving threat for businesses of every size, and it increasingly relies on deception as much as technology, creating urgency to try to bypass routine processes. The strongest protection is to treat fraud prevention as a core part of running a business and to build a culture where staff feel confident to pause, check and challenge anything that does not look right. FraudSMART is supporting businesses with practical, impartial information on the latest scams and how to guard against them and I encourage SMEs to visit FraudSMART.ie for guidance and resources.”

FraudSMART tips to protect your business:

1. Policies and procedures: Ensure a verification process is in place for requests to change supplier bank account details.
2. Dual authorisation: Require two people from the business to approve any third-party payment electronically.
3. Fraud awareness and training: Ensure staff are given appropriate training on email-related fraud / phishing emails.
4. Invoice checking: Review invoices thoroughly and ensure there are no irregularities.
5. Updated operating systems: Ensure that the latest updates for your computer and mobile operating systems are up-to-date and set them to automatically update
6. Think before you post: Avoid sharing too much personal information on social media.

Further information is available at FraudSMART.ie. Businesses can also download a free copy of the FraudSMART ‘Protect your business from fraud’ guide.

Ends/

Contact: Fiona Murphy, Head of Communications, fiona.murphy@bpfi.ie or Jillian Heffernan, Director of Communications, jillian.heffernan@bpfi.ie.

Notes to Editors:

Survey: Survey conducted by FraudSMART and ISME with ISME members in February – March 2026 with 65 responses.

Definitions:

• Invoice re-direction fraud occurs when a business receives a fraudulent email claiming to be from an existing supplier/creditor. The fraudster advises that the bank details for the payment of future invoices should be changed or requests that a payment should be made into a different bank account. These approaches can me made over the telephone, by letter, fax and by email. Often there is no immediate request for payment, when a legitimate invoice is issued, the payment will go to the ‘new account’ controlled by the fraudster.
• CEO impersonation fraud takes place when an email purporting to be from the Chief Executive Officer or a senior member of the team is sent to the Finance Team requesting that an urgent payment be made to a supplier or another third party or in some cases to the senior member themselves.

About FraudSMART: FraudSMART is a fraud awareness initiative developed by Banking & Payments Federation Ireland (BPFI) in conjunction with the following member banks, Allied Irish Bank plc, An Post Money, Avant Money Barclays Bank Ireland, Citibank Plc, Irish League of Credit Unions (ILCU), PTSB and Revolut. The programme aims to raise consumer and business awareness of the latest financial fraud activity and trends and provide simple and impartial advice on how best they can protect themselves and their resources. www.FraudSMART.ie.

About BPFI: Banking & Payments Federation Ireland (BPFI) represents the banking, payments and fintech sector in Ireland. Together with its affiliates, the Federation of International Banks in Ireland and the Fintech & Payments Association of Ireland, BPFI has over 120 member institutions and associates, including licensed domestic and foreign banks and institutions operating in the financial marketplace here.

About ISME: ISME’s purpose is to be the trusted voice of Irish SMEs, independent of the interests of big business, advocating at national and European level for our member’s interests and those of the wider small business community.