Almost €19 Million Lost by SMEs to Email Related Scams over the Past 2 Years

The scale of email‑related fraud hitting Irish SMEs is staggering. Roughly $20.5 million has vanished in just 24 months, a sum that would cover the payroll of thousands of micro‑enterprises. SMEs account for more than two‑thirds of employment in Ireland, yet their limited resources make them prime targets for cyber‑criminals exploiting the rapid digitisation of invoicing and payments. This environment creates a perfect storm where a single compromised supplier email can cascade into multi‑million‑dollar losses.

Invoice‑redirection scams, where fraudsters mimic trusted suppliers and request new bank details, remain the most damaging, averaging nearly $24 k per hit. CEO impersonation attacks add a layer of sophistication, leveraging internal hierarchies to bypass standard checks. The threat landscape has also evolved to a multi‑channel approach—phishing emails followed by urgent phone calls or texts—heightening the pressure on employees to act quickly. With 53% of SMEs reporting no formal fraud‑awareness training, the human factor is the weakest link, making simple controls like dual‑approval and verification of bank‑detail changes essential.

In response, the FraudSMART initiative, backed by the government and industry bodies, has rolled out a free, multi‑platform awareness campaign. The program offers concise guides, short videos, and actionable checklists designed to embed a culture of verification and scepticism. By institutionalising routine fraud checks and providing readily accessible resources, the campaign aims to reduce financial exposure and restore confidence among Irish SMEs. Other economies facing similar SME‑centric fraud pressures can look to this coordinated public‑private model as a blueprint for strengthening cyber‑resilience at the grassroots level.