ACCC’s 2022 scam report published in April of this year reports that Australian businesses lost 224 million dollars to business email compromise scams (BEC) in 2022.
This is about the same as the $227 million reported as lost in 2021. So, although it doesn’t look like BEC scamming is a growth industry, it does look like business hasn’t yet stemmed the flow.
Fortunately, each incident is relatively small, around $6,000 each time. However, if the scam continues undetected for any time, the total amount can become substantial, affecting profitability and, eventually, line manager and executive bonuses.
Unfortunately, BEC scams or payment redirection scams are difficult to detect, and when detected, it is often too late. The money is gone.
However, there is good news for those running SAP.
With the right tools in place, BEC scams can be detected in real-time and stopped before any money leaves the business accounts.
Business email compromise scamming
So what is it?
Sometimes referred to as false billing or payment redirection, the scam involves scammers compromising the business email through hacking or impersonating the business email (e.g., by changing one letter in the email address). The scammers then use this email to submit, resubmit, or alter invoices or requests for payment by changing the bank account details.
Because the emails look legitimate, bank details are changed, and the redirected invoice is paid.
What industries are targeted?
High transaction industries are often targeted to maximise the likelihood of success and undetection. In these businesses, accounts payable staff are busy.
The chances of a redirect being noticed as false are lower, and the chances of staff skipping normal protocols to meet a KPI, perhaps, are higher.
How is it detected?
Unfortunately, detection is almost always manual.
When the invoice payment details don’t match the record, the scam will only be detected if the accounts staff checks the details with the supplier before authorising payment. To verify a change in bank account details, an accounts staff must email or call their contact personally.
This is burdensome, expensive, and might be skipped for a high-volume transaction business.
Usually, the fraud has long been committed before detection ever occurs.
A solution for SAP customers
There is a solution.
For those running SAP, a solution is available that detects false billing and payment redirection scams before payments are made.
remQ from VOQUZ Labs is a financial monitoring tool to monitor SAP financial transactions to detect abnormalities as they occur to prevent things like duplicate payments, false vendors, overpayments, unduly favourable payment terms, changed account details, and other fraudulent activity.
remQ will detect a change in supplier bank details in almost real-time with the changes brought to the surface with the remQ Alerts Monitor.
Final word
Losses due to fraud and scamming are an ever-present danger. Preventing fraud in large businesses is becoming more and more challenging. Scammers and fraudsters are upping their game annually.
Therefore, businesses must also up their detection and monitoring methods to minimise or prevent such losses.
For SAP customers, the answer is simple - remQ.
Abnormalities, fraud and scamming are detected in real-time, often preventing substantial financial loss.
We can help
Leg Up Software are expert in SAP IT automation.
We know the SAP operations and infrastructure automation solutions landscape and have already done the legwork identifying the best solutions for most repetitive IT tasks.
We have excellent relationships with many software vendors and can negotiate an evaluation process that best suits your circumstances and budget.
Let's set up a time to get the conversation started by putting something on our calendar.
Alternatively, to learn more about IT automation for SAP teams, see www.legupsoftware.com/solutions
