The scam operated across Europe and involved the cyber criminals redirecting a payment from a Danish company to a Romanian firm into a bogus account in Ireland.
Two African men, living here, were arrested this week by specialist gardaí from the Economic Crime Bureau (ECB), following a surveillance operation.
ECB detectives managed to recover more than €900,000, thought to represent a majority of the stolen funds.
Members of the ECB’s Money Laundering Investigation Unit (MLIU) searched the men’s house in Dublin and removed digital devices and documentation.
The men, who were detained under Section 4 of the Criminal Justice Act on Monday, were released early yesterday.
Garda bosses are now preparing a file for the Director of Public Prosecutions. It is expected the file will recommend charges be brought.
In the scam, the cyber criminals accessed emails between the targeted companies and could see that money was owed by the Danish firm to the Romanian business.
In what is known as “invoice redirection fraud”, the cyber criminals sent the Danish company an email purporting to be from the Romanian company, using an email address that differed slightly.
It requested the Danish firm to send a Vat payment due to a new bank account, which the Danish firm did.
In a statement, gardaí said: “It is believed that the database of the company, who were due to receive payment, had been the target of a malware attack that allowed the issuing of a request to change details of the true recipient’s banking accounts.”
Money was paid from the Danish account, based in Germany, into an account in Ireland.
The cyber criminals dispersed the funds both within and outside the country.
The entire process was monitored by the MLIU. In a co-ordinated operation with the ECB’s Financial Intelligence Unit and a financial institution here, they managed to recover more than €900,000 of the stolen cash.