T
Invoice Fraud Detection

INV-2025-SGWHH3

Medium Risk
Global Cyber Partners, LLC#INV-2025-9042$48,250
Risk Level
medium

3 flags detected including: social_engineering

Signal Coverage
1%

Limited vendor history available

Flags Detected
3

1 high, 1 medium, 1 low

Social Engineeringhighprobabilistic

Urgency and Change in Payment Instructions

The invoice demands immediate payment (4-day net) right before a major holiday (Christmas/New Year) and explicitly states a change in payment method ('updated Corporate Clearing Account') and includes urgency language ('to avoid processing delays during the holiday shutdown'). This combination is a classic social engineering tactic used in Business Email Compromise (BEC) attacks to rush payment to a fraudulent account.

Recommendation: IMMEDIATELY halt payment. Verify the change in banking details directly with a known contact at Global Cyber Partners, LLC using a previously established phone number or secure communication channel, NOT by replying to the invoice email.

Urgency Languagemediumdeterministic

Urgency keywords detected: to avoid processing delays during the holiday shutdown., All payments must be made via Wire Transfer to the updated Corporate Clearing Account

This invoice contains language commonly associated with business email compromise (BEC) attacks.

Recommendation: Verify the request through a known contact before processing.

Unknown Vendorlowdeterministic

Vendor not found in approved vendor list

This vendor has no prior transaction history in the system.

Recommendation: Follow new vendor onboarding procedures before payment.

Amount Anomaly
{
  "isAnomaly": false
}
Bank Detail Change
{
  "hasChange": false
}
Duplicate Invoice
{
  "isDuplicate": false
}
Po Match
{
  "checked": false
}
Totals Consistency
{
  "calculatedTotal": 48250,
  "discrepancy": 0,
  "isConsistent": true,
  "statedTotal": 48250
}
Urgency Keywords
{
  "detected": true,
  "keywords": [
    "to avoid processing delays during the holiday shutdown.",
    "All payments must be made via Wire Transfer to the updated Corporate Clearing Account"
  ]
}
Vendor Known
{
  "isKnown": false
}

Header

{
  "contractReference": null,
  "dueDate": "2025-12-27",
  "invoiceDate": "2025-12-23",
  "invoiceNumber": "INV-2025-9042",
  "poNumber": null
}

Vendor

{
  "contactEmail": "[email protected]",
  "contactPhone": null,
  "remittanceAddress": null,
  "remittanceName": null,
  "taxId": null,
  "vendorAddress": "1201 Delaware Ave, Suite 600\nWilmington, DE 19806",
  "vendorName": "Global Cyber Partners, LLC"
}

Payment

{
  "accountNumberLast4": "0194",
  "bankName": "Bank of America, N.A.",
  "changeInstructions": [
    "All payments must be made via Wire Transfer to the updated Corporate Clearing Account"
  ],
  "paymentEmail": null,
  "paymentPortal": null,
  "routingNumberLast4": "0358",
  "urgencyLanguage": [
    "to avoid processing delays during the holiday shutdown."
  ]
}

Totals

{
  "currency": "USD",
  "discount": null,
  "shipping": null,
  "subtotal": 48250,
  "tax": 0,
  "total": 48250
}

Advisory Notice: This analysis provides advisory signals only and is not a determination of fraud. All flagged items require human review before any action is taken. This output should not be used for automated decision-making.