Protect Your Company Against Phishing Scams

Over the year we have posted many articles about phishing scams and how important it is to recognise one.

Our main antivirus solution provider (ESET) has repeatedly drawn our attention to increasing online activity targeting Irish email addresses with phishing scams – often using the names of Irish Revenue and Customs, Bank of Ireland, Ulster Bank, DHL and lately pretending to be someone from your own company or supplier.

The last two are really common and can easily do a lot of damage if staff are not properly informed.

The phishing emails involve scammers pretending to be legitimate suppliers sending you an invoice/statement advising changes to their bank details. This may not be detected until the business is alerted by complaints from suppliers that payments have not been received.

How these scams work

Scammers hack into supplier email accounts and obtain information such as customer lists, bank details and previous invoices.

Your business receives an email, supposedly from a vendor, requesting a bank transfer to a new bank account.

The scammers either disguise their email address or create a new address that looks nearly identical. The emails may be spoofed by adding, removing, or subtly changing characters in the email address which makes it difficult to see that the scammer’s email doesn’t come from a legitimate address.

The email may look as if it is from a genuine supplier and often copies a business’s logo and message format. It may also contain links to websites that are convincing copies of the real company’s homepage or links to the real homepage itself.

How to protect your company

  • Have a clearly defined process for verifying and paying accounts and invoices. Accounts Payable staff usually either make the transfer without thinking it may be a scam, or they ring the number shown on the invoice they received, which may be a fake number. If you are asked to send a payment to a new bank account, always call the supplier to confirm that it has come from them.
  • Be suspicious – If you think a request is suspicious, telephone the business to seek verification of the email’s authenticity.
  • Don’t call any telephone number listed in the email/invoice; instead, use contact details that you already have on file for the business, or from an older invoice.
  • Do NOT pay until you have looked into the matter further. If you’re unsure, contact your IT Provider ASAP.
  • Ensure your staff are aware of this scam and understand how it works so they can identify it, avoid it and report it. Have regular meetings/training to keep everyone up to date about these scams.
  • Check your IT systems for viruses or malware – always keep your computer security up to date with anti-virus and anti-spyware software and a good firewall. No one can predict the constantly shifting nature of security threats. But what you can do is ensure that your devices are working hard to supplement your cybersecurity defences.
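
The lookalike addresses described above (characters added, removed or subtly changed) can also be checked automatically. The Python below is an added example, not part of the original article: it compares the sender's domain with supplier domains already on file and flags near-matches. The supplier domains, sample headers, function names and the distance threshold of 2 are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): domains of suppliers already on file.
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example", "northwind-freight.example"}


def edit_distance(a: str, b: str) -> int:
    """Count single-character adds, removals, changes and adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # two neighbouring characters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the real address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def classify_sender(from_header, known=KNOWN_SUPPLIER_DOMAINS, max_distance=2):
    """Return (verdict, nearest known domain or None) for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    if domain in known:
        return ("known", domain)
    nearest = min(sorted(known), key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)  # hold payment and verify by phone
    return ("unknown", None)


if __name__ == "__main__":
    for header in [  # constructed sample From: headers
        "Acme Accounts <accounts@acme-supplies.example>",
        "Acme Accounts <accounts@acme-supp1ies.example>",
        "billing@acme-suplies.example",
        "info@unrelated-shop.example",
    ]:
        print(f"{classify_sender(header)[0]:<10} {header}")
```

A "known" verdict only means the domain matches the one on file; because these scams also come from hacked supplier accounts, a request to change bank details still needs confirmation by phone using the contact details you already hold.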

Please also note that this is only one of several email phishing and other malign efforts that are being made on a regular basis. They are designed to exploit the trust of email users in the hope that a percentage of those that are being sent out will succeed in eliciting a response. We have seen many such attempts claiming to come from Eir, other telecom providers, all of the main banks, or from many other utilities.

For more information just give us a call at 01-4975562 or email us at