cole-invoice-fraud — vendor lookalike + tampered invoice PDF
Cole Manufacturing AP wired $127,450 on COLE-INV-7721 after apex-industrlal.com lookalike thread and incremental PDF remittance edit. Legitimate apexindustrial.com baseline included. Fully synthetic.
what this proves
- all eight invoice-fraud primary engines produce deterministic, fixture-locked output — verified by
npm run check:flagship(208/208 fleet · 8 for this scenario). - every output is generated 100% locally in your browser — save .eml, never forward.
- lookalike vendor domain, hijacked reply thread, incremental pdf remittance edit, and metadata genealogy drift across pdf/docx branches surface without uploading evidence.
primary engines locked to this fixture
build the case binder
runs all eight primary engines on the synthetic evidence zip and opens a self-contained html binder. uses the default binder renderer for invoice fraud — no upload.
runs all 8 primary engines locally on the synthetic evidence zip · opens a self-contained html binder · no upload
download the synthetic evidence
MIT-licensed, fully synthetic. includes fraudulent .eml on apex-industrlal.com lookalike, legitimate vendor thread, tampered invoice pdf with incremental remittance edit, original pdf baseline, and matching docx source pair for COLE-INV-7721.
built deterministically from scripts/fixtures/build-cole-invoice-fraud.mjs. seed: cole-invoice-fraud:v1.
methodology
invoice fraud is not generic bec — save every .eml first, then walk header analyzer → thread reconstructor → chain analyzer → object explorer → pdf forensics → author revision metadata → metadata genealogy → inconsistency finder. prove the lookalike domain and incremental pdf edit before the wire recall window closes. read the full invoice fraud / vendor account change guide →
after the playbook
run each primary locally — or export findings from the binder — then drop every csv/json into fatcousin-multi-tool-super-timeline-correlator. one timestamp-sorted timeline across lookalike vendor thread, incremental pdf remittance edit, author revision drift, and metadata genealogy — still zero upload.