A $120 Million Lesson: Why a Manual Mailroom Endangers Your Business

Do you know how to steal $120 million from tech giants without writing a single line of malicious code? Evaldas Rimasauskas, a Lithuanian national, did it by sending fake invoices to manual mailrooms and exploiting the fatigue of their staff. Amidst a flood of thousands of documents, tired employees simply approved them. This story serves as a warning to any company where a team of specialists manually sorts emails every day. Where manual chaos and fatigue prevail, risk and fraud slip through with terrifying ease.

From Chaos to Digital Order
We encountered a similar challenge with one of our clients, a prominent international manufacturer. Their single inbox was flooded with a mix of invoices, reminders, credit notes, claims, and marketing messages. Previous attempts at automation using keywords hit their limits; they were difficult to configure, and the system was unable to grasp the context of an email. The result was thousands of pending documents in a single folder and a team of over ten people who had to manually verify every day what needed to be processed and paid.

How an Intelligent Mailroom Works in Practice
Our solution, built on the BitSwan platform, transformed this process. An automated agent now scans incoming mail every minute, using advanced Large Language Models (LLMs) to extract metadata and the content of attachments. The AI no longer looks just for keywords; it truly understands whether an attached document is an overhead invoice, an invoice with a receiving report, a credit note, or a critical reminder. Based on this, it files the email into the correct Outlook folder within seconds.

Security That Cannot Be Manipulated
We built the security of the entire process on a strict separation of roles: the artificial intelligence serves exclusively for data extraction and classification, while all critical decisions are made by our own automated logic. This architectural design protects against "prompt injection", where an attacker tries to smuggle instructions into the email text to deceive the model's logic and force the approval of a fake document. At every step, the system automatically compares the sender's domain, tax ID, and company name against an internal database, pairing them with a unique Vendor ID securely stored in the client’s system. Because the language model itself has no authority to decide the final classification and only prepares structured data for verification, the worst a sophisticated attack can achieve is to move the email to a different folder for manual review, rather than to create a systemic financial threat. BitSwan allowed us to deploy this solution into live production in less than three weeks, seamlessly incorporating dozens of specific exceptions that would have immediately stalled standard, rigid software.
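
The role separation described above can be illustrated with a short sketch. This is an added example, not the BitSwan implementation: the vendor table, folder labels, field names and the `route` function are all assumptions made for illustration, and the sender address is assumed to come from the mail headers rather than from the model.

```python
# Added illustration: the model's output is treated as untrusted data, and
# plain code makes the routing decision. All names and values are constructed.

# Constructed vendor master data: Vendor ID -> registered identity.
VENDORS = {
    "V-1001": {"domain": "acme-parts.example",
               "tax_id": "CZ12345678",
               "name": "Acme Parts s.r.o."},
}

# The only labels the model may propose; anything else goes to a human.
ALLOWED_TYPES = {"overhead_invoice", "invoice_with_receiving_report",
                 "credit_note", "reminder"}
MANUAL_REVIEW = "manual_review"


def normalize(value):
    """Lower-case and collapse whitespace so formatting noise cannot matter."""
    return " ".join(str(value).lower().split())


def match_vendor(sender_domain, tax_id, company_name):
    """Return the Vendor ID only if domain, tax ID and name ALL match one record."""
    for vendor_id, rec in VENDORS.items():
        if (normalize(sender_domain) == normalize(rec["domain"])
                and normalize(tax_id) == normalize(rec["tax_id"])
                and normalize(company_name) == normalize(rec["name"])):
            return vendor_id
    return None


def route(sender_address, extracted):
    """Decide the target folder.

    sender_address: taken from the mail headers, never from the model.
    extracted: dict produced by the LLM; only three known keys are read, so
    extra keys such as "approved" have no effect on the outcome.
    """
    doc_type = extracted.get("doc_type")
    if doc_type not in ALLOWED_TYPES:
        return MANUAL_REVIEW, None
    domain = sender_address.rpartition("@")[2]
    vendor_id = match_vendor(domain,
                             extracted.get("tax_id", ""),
                             extracted.get("company_name", ""))
    if vendor_id is None:
        return MANUAL_REVIEW, None
    return doc_type, vendor_id
```

Whatever text an email contains, the model can only influence the three fields that `route` reads, and a mismatch on any of them ends in the manual-review folder.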

Expertise Instead of Mechanical Sorting
Thanks to this automation, BitSwan takes over the most grueling routine work associated with sorting and identifying documents. The team of specialists no longer has to drown in an endless inbox but can instead dedicate their expertise to resolving process steps directly within the Business Central system. Furthermore, the entire system leaves a detailed digital footprint (audit logs) in a CouchDB database and provides monitoring via Discord. Company management thus has real-time access to metrics regarding the volume of incoming emails and the AI’s decisions. We have demonstrated that an intelligent mailroom is not just about saving time, but about the certainty that company finances are protected by modern technology.