Finance · Fraud · Singapore

BEC fraud prevention in
Lark payment approvals.

Published Apr 23, 2026 · 6 min read

Singapore Police reported SGD 198 million lost to BEC scams in 2024 alone. Business Email Compromise is the most expensive fraud pattern hitting SMBs, and the mechanics are almost insultingly simple.

The attacker compromises a supplier's email. They wait for a legitimate invoice to be sent. They intercept, modify the bank account, and resend. The finance team in the receiving company never notices — the email looks identical, the invoice looks identical, only the account number changed. Funds leave. Funds don't come back.

Why human review fails at catching BEC

The attacker is exploiting a specific human blind spot: nobody memorizes bank account numbers. You remember the supplier name, you maybe remember the amount range, but the 10–16 digit account number is never memorable. Finance teams rely on "looks right" and the usual heuristics don't check that number.

Worse, the email context is often legitimate — a real invoice, a real PO number, a real amount. The only thing wrong is the account details. If your review process is "does the invoice look right," you will pay the fraudster.

The bank-account drift check

The solution is boringly simple: remember the bank account you paid last time, compare to the one in front of you, surface any difference. This is what machines are for.

When a payment approval lands in Lark, Kopi extracts the payee name and the bank account from the form. It looks up the payee in pattern memory. If there is a history — "we have paid this payee 3 times, always to account 001-1234567" — and the incoming account is different, the card comes back red with both accounts quoted side by side. The approver sees the drift before they click.

First-time payees get a yellow card with "new payee — verify before approving." On the first approval, Kopi writes the (payee, account) tuple to memory. Every subsequent payment gets cross-checked automatically.

Three other guards worth running in parallel

Duplicate payment detection

Same payee + same amount within 30 days = red block. Catches both honest double-submits and social-engineering duplicate-invoice fraud.

Invoice-form amount match

Claude Vision parses the attached invoice PDF. If the invoice total disagrees with the Lark form amount by more than 1%, red block with both numbers quoted.

Round-number detector

Suspicious round amounts (SGD 10,000 flat for a non-retainer vendor) get a yellow warning. Real invoices rarely land on round numbers.

The ROI math

Average BEC loss per incident in Singapore is six figures. Founding Member pricing for the Kopi Finance Pack is SGD 199/month. Preventing a single BEC incident pays for 50 years of the product.

That calculation would be a cheap pitch if the product didn't do other things too. But Kopi also handles reimbursement, purchase, contracts, activity funds, and reserve fund reconciliation — BEC prevention is one of six jobs the Finance Pack does. The BEC calculation is the floor, not the ceiling.

Turn on BEC-fraud guards in your Lark workspace

Free beta through Sep 2026. Founding members lock in 50% off for 12 months.

Lock in Founding pricePayment fraud solution

Keep reading

Detecting expense report fraud with AI →
Patterns AI catches that humans miss
AI invoice verification for SMBs →
What Claude Vision extracts from receipts