Businesses are urged to be vigilant when it comes to cybersecurity amid a rise in increasingly sophisticated online scams.
Ronan Murphy from cybersecurity company SmartTech247 helps companies with their online security, how to manage risk, and often with smaller firms, assists them when they have fallen victim to some sort of compromise.
This includes "spearfishing" or targeted attacks on users, email accounts being compromised, invoice fraud redirections, and other "insidious, unpleasant scenarios".
He told Tech Talk with Jess Kelly that "it's crazy" how good fraudsters have become with their scams, with increased attention to detail and the ability to mask their domain.
"These guys are getting good at covering up the traditional indicators that this is a phishing email, and once they catch you, they know how to clean you out," Mr Murphy said.
He described an "unfortunate situation" a few weeks ago which involved an Irish farmer ordering equipment from a supplier in the UK.
"The supplier in the UK had clicked on a phishing email, the guys had got access to his computer," Mr Murphy explained."The farmer in Ireland was making a payment of a significant amount, a couple of hundred thousand euros to pay for his equipment.
"These guys comprised the [supplier's] email [account], they sent on fake banking information, the money was transferred, the guy followed up to find out where his equipment is and the supplier said, 'Well you need to pay for it', and the farmer said, 'I paid weeks ago'.
"They said, 'We haven't got your money', and they went checking and the money was gone, cleaned out.
Mr Murphy said his business deals with a lot of similar scenarios, many of which involve large monetary sums.
"This was a couple of hundred thousand, but the money's gone, there's no recourse whatsoever," he added.
Ascertaining who liability rests with is a very complex process, he said, which the law needs to adapt to very quickly to keep up with rapidly changing online threats.
"You would assume it is cut and dry, this guy had his email hacked, so he's liable, he has a duty of care, but in fact, there's no precedent for that in law," Mr Murphy said.
"I spent an hour debating the common sense of this with a senior Queen's Counsel barrister in the UK, saying, 'This is madness, we've got forensic proof and evidence that the vendor was compromised, that their business email was compromised, and that resulted in invoice fraud redirection for a significant sum of money, surely there's a duty of care, surely they have to be responsible'.
"And the law does not have precedent for this type of incident, which was news to me, I was stunned, so I think there's going to be some really interesting test cases of these types of scenarios in the coming weeks, months and years.
Mr Murphy said this example of a business email being compromised is different from an organisation or e-commerce store being compromised as there would be a higher level of security for consumers transacting with those companies.
He added that the problem with cybersecurity "is only getting bigger" and "the bad guys are better funded than ever".
"The threat landscape is evolving at a ferocious pace," he said, and businesses need to do the basics right when it comes to protecting themselves and their users from fraudsters.
This includes "digital hygiene" such as ensuring passwords are not compromised.
