The scam operated across Europe and involved the cyber criminals redirecting a payment from a Danish company to a Romanian firm into a bogus account in Ireland.

Two African men, living here, were arrested this week by specialist gardaí from the Economic Crime Bureau (ECB), following a surveillance operation.

ECB detectives managed to recover more than €900,000, thought to represent a majority of the stolen funds.

Members of the ECB’s Money Laundering Investigation Unit (MLIU) searched the men’s house in Dublin and removed digital devices and documentation.

The men, who were detained under Section 4 of the Criminal Justice Act on Monday, were released early yesterday.

Garda bosses are now preparing a file for the Director of Public Prosecutions. It is expected the file will recommend charges be brought.

In the scam, the cyber criminals accessed emails between the targeted companies and could see that money was owed by the Danish firm to the Romanian business.

In what is known as “invoice redirection fraud”, the cyber criminals sent the Danish company an email purporting to be from the Romanian company, using an email address that differed slightly.

It requested the Danish firm to send a Vat payment due to a new bank account, which the Danish firm did.

In a statement, gardaí said: “It is believed that the database of the company, who were due to receive payment, had been the target of a malware attack that allowed the issuing of a request to change details of the true recipient’s banking accounts.”

Money was paid from the Danish account, based in Germany, into an account in Ireland.

The cyber criminals dispersed the funds both within and outside the country.

The entire process was monitored by the MLIU. In a co-ordinated operation with the ECB’s Financial Intelligence Unit and a financial institution here, they managed to recover more than €900,000 of the stolen cash.

Sources said that invoice redirection fraud was a very common means of targeting businesses.

“Criminals go into your emails or mine, they see we are trading and that money is owed,” said one source.

“They send you an email purporting to be from a client, saying ‘when you are paying, we have changed bank account’ and your accounts department notes the change and pays.”

He said that once cybercriminals here had the “wherewithal” to access emails of companies, they could target companies anywhere in the world “be it New York or Taiwan”.

Sources said a huge problem for the criminals, however, was cashing out the funds.

Banking and Payments Federation Ireland has previously warned businesses about the scam and urged firms to check requests from clients for payments to be sent to new bank accounts.

They advise accounts departments to go back to their files on the client, use a phone number and make a voice call — and not use details on the last email.

For businesses that do not fall for such a scam, gardaí said they should still ask themselves had their computer system been compromised by the criminals.