In recent technology news, Lithuanian Evaldas Rimasauskas and his co-conspirators created fairly convincing forgery emails using fake email accounts from a company called Quanta in Taiwan—a company Facebook and Google regularly conducted business with—and sent them to employees at Facebook and Google who responded by paying out more than $100 million to the fake company's bank accounts, prosecutors said.1
Shocking, right? If you are a finance leader that learned of this scam you probably cringed. “How could that have been so easy?” you are likely asking yourself and your AP team. And, “How exposed are we to such a scam?”
In a recent Yooz blog, we talked about how our platform can handle processing invoices in foreign currencies. Since this recent news involved companies from various countries, we thought it would be an exciting opportunity for us to show that with Yooz it would be almost impossible for your company to be scammed like this. Thanks to the Yooz cloud-based end-to-end system that automates your AP workflow, even if a fake invoice came through in an e-mail—whether it’s from a real or fake account—our system’s validation steps would notice!
Here is how it works:
- Each Yooz client application has one or multiple AP e-mail(s), which is like a global e-mail where vendors send their invoices to be paid. These e-mails have a unique login assigned by the AP department or finance administrators.
- The technology auto-forwards the e-mails into the Yooz system to be coded.
- If a fake invoice is imported into the Yooz system, it will enter in the workflow which involves multiple approval steps, including matching it to a real P.O.
So first the pirates need to have this unique AP email, which unlike the regular emails of the employees, is really complicated to try and get if you are not an employee of the company. The scam usually stops there. If the fake invoice actually makes its way into the approval process, the likelihood it of it being caught by one of the approvers is really strong.
In Part 2 of this blog series, we’ll take the “scam-proof” nature of the Yooz solution to the next level: How the vendors play a role.
1Huddleston, T., Jr., “How this scammer used phishing emails to steal over $100 million from Google and Facebook.” CNBC.com. Accessed April 3, 2019. www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html