Garda money-laundering investigators have questioned two men in relation to a sophisticated cross-border cyber attack.
As part of the lengthy operation, more than €900,000 was recovered by gardaí and returned to a foreign company targeted by the cyber criminals.
The cyber attackers hacked into the systems of a company that was due to receive a VAT payment.
It obtained their bank account details and requested that the VAT payment be sent into a new account, controlled by them.
The scam is known as Invoice Redirection Fraud.
The monies were then transferred both inside Ireland and outside – at which stage a specialist garda team pounced.
A statement issued by Garda headquarters said that “as part of an ongoing operation” by the Money Laundering Investigation Unit (MLIU) of the Economic Crime Bureau (ECB) two men were arrested in Dublin.
The men, one aged 31 and the second aged 67, were detained under the provisions of section 4 of the Criminal Justice Act and held at Blanchardstown Garda Station.
“The two men were arrested as part of the Money Laundering Investigation Unit's investigation into an Invoice Redirection Fraud where a European-based company was induced to sending a VAT payment to the bank account of an individual instead of its true recipient,” the statement said.
It said the cyber criminals hacked into the systems of the company that was due to get the VAT money.
“It is believed that the database of the company, who were due to receive payment, had been the target of a malware attack that allowed the issuing of a request to change details of the true recipient's banking accounts.”
It said that once the funds had been received there were a number of onward transactions both inside and outside Ireland.
The statement said that as a result of liaison between the Financial Intelligence Unit of the ECB and the MLIU and a financial institution more than €900,000 was recovered before it could be dissipated.
Banking and Payments Federation Ireland has previously issued alerts about Invoice Redirection Fraud after a number of businesses were targeted.
It said these businesses have received “bogus emails being received that purport to be from an existing creditor”.
The alert said: “The email generally contains a letter as an attachment, the letter purports to notify the receiver of new (amended) bank account details to which all future payments are to be sent.”
BPFI said the email notifying the change of details could be in the name of someone that the receiver is used to dealing with.
“However, the fraudsters will have created a bogus email account and the sender’s name which will carry a minor variation,” it said.
The federation advised businesses to make a phone call to a known contact within the firm that was requesting changes in banking details.
It said not to use contact details on the letter or email that was sent, but to use details from documents on file.