header background image

Battling Business Email Compromise (BEC) Scams: How To Prevent Them Within SAP

September 28, 2023


Paul Dixon



Business Email Compromise (BEC) scams are a genuine and growing threat to your business. But don't just take our word for it - in 2022, the FBI issued a public service announcement warning revealing that the crime has risen 65% in recent years and is getting more prevalent month-on-month.

And here is why it's growing like wildfire: In the cybercrime underworld, it's a scam with a higher-than-average success rate when compared to other online crimes.

So, as a SAP user, wouldn't it make sense to bolster your company's defenses against such a formidable menace? Of course it would. And here is the good news - help is at hand. This VOQUZ Labs article reveals more about BEC scams, how they work with a real-life example, and what your company can do within SAP to avoid becoming a victim.

Business Email Compromise (BEC): The Scam Explained

A BEC scammer emails companies requesting them to pay a fake invoice or bill. But obviously, it's not as simple as that. Why? Companies have systems to ensure financial transactions' accuracy and legitimacy.

So how do BEC scammers circumvent internal systems and controls?

From social engineering techniques to graphic design mastery, their box of nefarious tricks makes them a competent foe that demands attention.

Here are a few of them:

  • Fraudulent Invoices: Scammers send emails with invoices that appear genuine with logos and formatting that closely mimic those of legitimate companies (or are fake companies).
  • Email Spoofing: We won't go into the techy details (you can read about it here), but this is when the scammer alters the email header to make it appear that it originates from a different address or domain.
  • Impersonation: A sub-category of email spoofing, scammers often impersonate trusted individuals within a company (after completing research), like senior directors, to make their 'internal' request seem genuine.
  • Account Takeovers (ATO): This is when cybercriminals target a vendor of their ultimate target. By hacking into the vendor's IT systems, scammers appear as the vendor without suspicion in email communication.
  • Create Urgency: Scammers often apply pressure by creating a sense of urgency in their communications. They may claim immediate action is required to prevent financial penalties or legal consequences.

We could dig deeper into the techniques - but you get the gist. The bottom line and critical takeaway is this:

BEC scammers use the above techniques to trick employees into entering new bank details controlled by the scammers into their accounts payable systems (such as in SAP) - and then paying them. This process is also known as a type of phishing attack.

BROCHURE – the benefits of our products!

remQ - Stop losing your money to fraud!

remQ is a continuous monitoring software for SAP ERP and S/4HANA, with a large library of built-in controls that help check master data and business processes to avoid financial losses through errors and fraud. remQ can be set up in less than a day, works regardless of organization size and industry, requires no consulting project, and reduces the cost of compliance through automation.

Tablet showing the cover page of the document

A BEC Scam Explained: How Ubiquiti Lost Millions

Now that we understand the BEC scam's modus operandi, let's look at a well-known example that hit the headlines. In August 2015, US technology firm Ubiquiti submitted a report to the US Securities and Exchange Commission, disclosing that it had fallen prey to a "criminal fraud" totaling $46.7 million.

So what happened?

To cut to the chase, scammers impersonated employees at a third-party company and targeted Ubiquiti's finance department. This type of BEC scam is known as Vendor Email Compromise (VEC). Few details were released publicly. But the fraudsters likely compiled a list of Ubiquiti vendors - for example, through researching publicly available information - and worked off that data.

Ultimately, the following happened:

  • The scammer's bank account details entered Ubiquiti's financial systems
  • Ubiquiti paid the scammers millions of dollars

Now that we understand how BEC scams operate and the threat they pose to your organization, we'll now reveal how to fortify your defenses within SAP.

Here's How SAP Users Can Battle BEC Scammers Targeting Their Business

The following fact is a critical facet of a BEC scam: New bank account details belonging to cyber criminals are added or altered within a company's financial systems.

And one of the most effective ways to halt a BEC phishing attack in your company's SAP ERP or S/4HANA environment is to embrace automated internal controls systems, such as remQ by Voquz Labs. A tremendous benefit is that the technology, in almost real-time, creates red-flag alerts when payment details are added and changed.

What does this mean in practical terms?

It means that instead of new payment details (possibly belonging to scammers) slipping under the radar, finance and internal controls teams are immediately alerted, allowing them to investigate and take action if necessary.

For example, remQ (an easy-to-install SAP add-on) can even be customized so vendors are automatically blocked if changes are made close to a payment run - a red-flag event. In this scenario, an employee can then take a closer look at the issue, for example, by contacting the vendor directly to assess if everything is legitimate.

WHITE PAPER – enhance your knowledge!

Reduce Fraud & Boost Cost Savings by Automating Internal Controls

Our White Paper explains how using robust controls and automation, organizations can better manage fraud risks, comply with regulations, improve operational efficiency, and save substantial costs.

Tablet showing the cover page of the document
No items found.

Final Thoughts

BEC scams pose a real and increasing threat to businesses. As we now know, the crime is surging - especially because cybercriminals are attracted to the high success rate.

But this high success rate doesn't have to apply to your company.

If your business uses SAP ERP or S/4HANA, you have an opportunity to halt BEC scammers in their tracks. VOQUZ Labs remQ Business Inspector software operates as a SAP add-on with a library of 100+ pre-built shipped controls ready to run. You can click here to learn more about how remQ can assist. We would also be delighted to answer any questions you have - contact us.

Recommended reading: Enjoyed this article? Now read: The Growing Threat of Invoice Fraud: How To Prevent It Within SAP


Paul Dixon

Paul is a RegTech content writer & strategist with extensive experience in digital marketing and journalism. His work has appeared in the Guardian newspaper. He also holds a degree in International Relations, where he studied global sanctions compliance and cross-border finance.


Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Illustration of a woman editing documents

Register for our newsletter now!
Keep yourself up to date!

Thank you! Your successfully signed up for our newsletter.
Oops! Something went wrong while submitting the form.


Thumbnail that links to the post below

Miss Q’s conclusion of "S/4HANA: Your path to the optimal licensing landscape" VOQUZ Labs’ interactive webinar




Thumbnail that links to the post below

Why Business Partner Screening Is Non-Negotiable (Plus How To Automate It in SAP)




Thumbnail that links to the post below

S/4HANA: The path to an optimized license landscape