Gardai have recovered €2.1 million that was transferred by a Dublin company to a bank account in Hong Kong after being tricked in a sophisticated invoice redirect fraud.
The crime was one of the biggest invoice redirect crimes An Garda Siochana has ever dealt with and is believed to be the largest sum of money ever recovered.
Garda sources said similar frauds had increased during the Covid-19 pandemic as the criminals responsible appeared to believe it was easier to trick people as they worked from home.
“If you are in the office, you can bring in your colleagues and consult with them very quickly when you’re worried about something but when you’re on your own at home, you don’t have that same network of people,” said one Garda source.
He added when people worked from home their computers and wifi systems were perhaps not as secure as their facilities in work, especially if they worked for companies that regularly dealt in large sums of money, all of which made them more vulnerable to fraud.
Last Friday the Irish company targeted in the latest scam received an email purporting to be from a firm it regularly deals with in London about the payment of €2.1 million for a business deal that was underway.
In the email the firm in London requested the money due to be transferred would be lodged into an international back account rather than an account in the UK.
However, the Irish company became suspicious and rather than transferring the cash it contacted the London company by phone to make checks and was assured that the email was genuine.
The payment was then made last Friday from a Bank of Ireland account in Dublin to the international account, which was with a bank in Honk Kong.
However, on Monday the Dublin firm realised it had been conned and that the money sent had not be transferred into any account linked to the London company. They raised the alarm with Bank of Ireland, which contacted the Garda Fraud and Economic Crime Bureau.
Using information supplied to it by the bank, the Garda Fraud Squad immediately made contact with detectives in Honk Kong, who quickly traced the bank account, which still contained the full €2.1 million on deposit, and froze the money.
The cash has since been returned to the Dublin company. Garda sources said none of it was lost as the account it was transferred to was frozen before the fraudsters had a chance to withdraw it or move any of it on to other international accounts.
Gardaí now believe fraudsters hacked into the email system of the company in London and used the information they gleaned from the hack to send an invoice to the Dublin firm. The fraudsters doctored the London company’s email signature and inserted a new phone number.
When a staff member in the Dublin company rang that phone number they believed they were speaking to an employee in the London firm but were in fact dealing with one of the fraudsters.
Garda sources said when checks were being made before money transfers were about to made, it is crucial companies did not rely on information, such as names, phone numbers and email addresses, contained in emails that requested any change to normal banking and payment arrangements.
They added while the Dublin company had ultimately been tricked, it had acted responsibly in making it’s own checks but the crime was an example of how sophisticated frauds had become and that the speed at which the company contacted their bank on Monday was a crucial factor in retrieving the money.