fatcousin
// case comparison

gig payout fraud vs invoice fraud

both redirect money to a new account — but gig payout fraud is platform payout redirect and tip skimming; invoice fraud is vendor bank-detail swap on a paid invoice and AP approval chain.

primary tools · side by side

ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.

case a

gig worker payout fraud

platform payout redirect · tip skimming · ghost driver accounts — interim playbook until DoorDash/Uber parsers ship.

  1. 01payment processor subpoena response normalizer stripedrop stripe subpoena response · parse merchant + transaction artifacts · runs locally
  2. 02payment processor subpoena response normalizer paypaldrop paypal subpoena response · parse account + transaction artifacts · runs locally
  3. 03venmo transaction export forensic analyzerdrop venmo download · parse payment timeline + notes · runs locally
  4. 04ios venmo artifact forensic extractordrop iOS Venmo database files from the app container · parse payment records and transaction notes · surface audience settings (public/friends/private) · surface social feed likes and comments on transactions · reconstruct Venmo financial and social activity timeline · runs locally
  5. 05case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
case b

invoice fraud / vendor account change

fraudulent invoice + bank-detail-change request. tightly coupled to BEC but specifically about the paid-invoice artifact and approval chain.

  1. 01email header analyzerpaste raw email headers · trace hop-by-hop routing · SPF · DKIM · DMARC · detect spoofing · visualize delivery path · runs locally
  2. 02email thread reconstructordrop multiple .eml files · Message-ID References In-Reply-To tree · missing parent flags · flat timeline · CSV export · runs locally
  3. 03.eml / .msg email header chain analyzerdrop eml or msg email file or paste raw headers · parse all headers · reconstruct the full routing chain · extract all forensically significant fields · surface inconsistencies in the header chain · runs locally
  4. 04pdf object explorerdrop a PDF · parse raw object tree · detect embedded JavaScript · /Launch actions · encrypted streams · /EmbeddedFile · suspicious patterns · export report · runs locally
  5. 05pdf forensicsdrop a pdf · inspect objects and streams · extract javascript · embedded files · suspicious actions · object tree · malware analysis · runs locally
  6. 06pdf author and revision metadata deep analyzerdrop pdf file · extract all document information dictionary and xmp metadata · parse creation and modification timestamps · surface author software version revision count and producer chain · runs locally
  7. 07document metadata genealogy tracerdrop related documents · trace ancestor versions through metadata · revision counts · author chains · template references · printer fingerprints · reconstruct document family history · runs locally
  8. 08document metadata inconsistency finderdrop docx xlsx pptx pdf · core app props vs pdf info · temporal author revision heuristics · tracked changes timeline · runs locally

editorial overlap

3 tools mapped to both case types in the editorial taxonomy — useful when the investigation spans both surfaces.
case report generatorfatcousin cross export ioc hash correlatorfatcousin multi tool super timeline correlator

lean toward…

disambiguation signals derived from case-type descriptions and common practitioner confusion points.

lean toward gig payout fraud if you see…

  • Stripe/PayPal subpoena or Venmo/Cash App mobile artifacts showing platform payout redirect — not AP vendor bank-change workflow
  • ghost driver account, tip skimming, or gig-platform earnings timeline — no tampered invoice PDF or vendor lookalike thread
  • payment-processor payout destination change on a gig platform — not BEC email with fraudulent invoice artifact

lean toward invoice fraud if you see…

  • tampered invoice PDF, vendor lookalike email thread, or AP bank-detail change approval chain
  • bill.com or AP audit log vendor bank-change anomaly — not gig-platform earnings or driver payout export
  • BEC-style vendor impersonation with paid-invoice artifact — no driver/tip payout redirect on gig platform
ready