T
Invoice Fraud Detection

INV-2025-VCYKCS

High Risk
Unknown Vendor#INV-2024-0912$45,000
Risk Level
high

5 flags detected including: urgency_language, social_engineering

Signal Coverage
1%

Limited vendor history available

Flags Detected
5

2 high, 2 medium, 1 low

Urgency Languagehighdeterministic

Urgency keywords detected: urgent, wire immediately, wire transfer required, confidential, do not discuss, act now, URGENT, URGENT - WIRE IMMEDIATELY, Wire transfer required - ACT NOW, Please process immediately to avoid service interruption., Our banking information has changed. Please update your records immediately., DO NOT use previous bank details.

This invoice contains language commonly associated with business email compromise (BEC) attacks.

Recommendation: Verify the request through a known contact before processing.

Social Engineeringhighprobabilistic

The invoice contains multiple high-pressure and urgent demands for immediate payment and bank change.

The invoice uses aggressive urgency language ('URGENT - WIRE IMMEDIATELY', 'ACT NOW', 'avoid service interruption') and explicitly states that banking information has changed, demanding immediate updates and secrecy ('DO NOT use previous bank details,' 'please do not discuss with others'). This is a classic social engineering tactic (BEC/EAC) designed to bypass standard verification protocols.

Recommendation: Immediately halt payment processing. Contact the vendor using a pre-established, trusted phone number or email address (not the one listed on the invoice) to verbally confirm the change in banking details and the legitimacy of the invoice.

Suspicious Email Domainmediumprobabilistic

Vendor contact email uses a free domain (Gmail).

Professional businesses typically use corporate email domains (e.g., @techvendor.com) rather than generic free email services (like @gmail.com) for official billing communications. This is a common tactic used by fraudsters.

Recommendation: Verify the legitimacy of the invoice and the contact email address using established, known contact methods (phone number or email) that are already on file, not the ones provided on the invoice.

Generic Line Itemsmediumprobabilistic

The sole line item is 'Consulting Services' for $45,000.00 without any detail.

A high-value invoice ($45,000) should include specific details regarding the consulting work performed, dates of service, project name, or deliverables. Lack of detail makes verification difficult.

Recommendation: Request a detailed statement of work (SOW) or time sheet corresponding to the $45,000 charge before processing payment.

Unknown Vendorlowdeterministic

Vendor not found in approved vendor list

This vendor has no prior transaction history in the system.

Recommendation: Follow new vendor onboarding procedures before payment.

Amount Anomaly
{
  "isAnomaly": false
}
Bank Detail Change
{
  "hasChange": false
}
Duplicate Invoice
{
  "isDuplicate": false
}
Po Match
{
  "checked": false
}
Totals Consistency
{
  "calculatedTotal": 45000,
  "discrepancy": 0,
  "isConsistent": true,
  "statedTotal": 45000
}
Urgency Keywords
{
  "detected": true,
  "keywords": [
    "urgent",
    "wire immediately",
    "wire transfer required",
    "confidential",
    "do not discuss",
    "act now",
    "URGENT",
    "URGENT - WIRE IMMEDIATELY",
    "Wire transfer required - ACT NOW",
    "Please process immediately to avoid service interruption.",
    "Our banking information has changed. Please update your records immediately.",
    "DO NOT use previous bank details."
  ]
}
Vendor Known
{
  "isKnown": false
}

Header

{
  "contractReference": null,
  "dueDate": "2024-12-13",
  "invoiceDate": "2024-12-12",
  "invoiceNumber": "INV-2024-0912",
  "poNumber": null
}

Vendor

{
  "contactEmail": "[email protected]",
  "contactPhone": "+1-555-0123",
  "remittanceAddress": null,
  "remittanceName": null,
  "taxId": null,
  "vendorAddress": "789 Tech Center Way\nAustin, TX 78701",
  "vendorName": "TechVendor Solutions LLC"
}

Payment

{
  "accountNumberLast4": "3210",
  "bankName": "Offshore International Bank",
  "changeInstructions": [
    "Our banking information has changed. Please update your records immediately.",
    "DO NOT use previous bank details."
  ],
  "paymentEmail": null,
  "paymentPortal": null,
  "routingNumberLast4": "0089",
  "urgencyLanguage": [
    "URGENT",
    "URGENT - WIRE IMMEDIATELY",
    "Wire transfer required - ACT NOW",
    "Please process immediately to avoid service interruption."
  ]
}

Totals

{
  "currency": "USD",
  "discount": null,
  "shipping": null,
  "subtotal": null,
  "tax": null,
  "total": 45000
}

Advisory Notice: This analysis provides advisory signals only and is not a determination of fraud. All flagged items require human review before any action is taken. This output should not be used for automated decision-making.