In Part 1 of this week’s blog series, we made you aware of some recent shocking invoice scams that have cost companies millions, sometimes hundreds of millions of dollars. And how with the Yooz cloud-based end-to-end system that automates your AP workflow, even if a fake invoice came through in an e-mail—whether it’s from a real or fake account—our system’s validation steps would notice!
In Part 2 of this blog series, we take the “scam-proof” nature of the Yooz solution to the next level: How the vendors play a role.
The news we referenced in Part 1 involved an invoice scam by Lithuanian Evaldas Rimasauskas to Facebook and Google. It goes further: His work also involved "forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents" of the companies he was impersonating and fleecing, prosecutors said in a statement.”1
In some scenarios, the pirate will create an invoice from a fake company, or vendor. In each Yooz application, the system has a list of vendors registered by the client, a known list of true vendors. So, the system will not recognize a fake vendor and alert the user.
But in the case of Rimasauskas, he was actually impersonating a real vendor, rather than creating a fake vendor. What then? The same series of checks and balances built into the Yooz workflow applies to identifying fake invoices from “real” vendors. In our complete purchase-to-pay (P2P) workflow approval process, the purchase order is imported from the ERP and matches the P.O. to the invoice. The fake invoice will not have a P.O. to match against, alerting the user.
In short, you can sleep at night. We’ve got you covered!
1Huddleston, T., Jr., “How this scammer used phishing emails to steal over $100 million from Google and Facebook.” CNBC.com. Accessed April 3, 2019. www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html