Originally published at htpbe.tech. The version on htpbe.tech stays in sync with the latest detection algorithm — refer to it for the canonical text.

The FBI’s Internet Crime Complaint Center reported over $2.7 billion in losses from business email compromise and invoice fraud in 2023 alone. The money leaves through accounts payable. The mechanism is almost always the same: a PDF invoice that looks correct but was modified after it left the issuing system.

AP automation has made this worse, not better. When humans stop looking at individual invoices, the file structure stops being examined at all.

Three Fraud Vectors, One Common Trail

Invoice fraud reaching AP teams falls into three patterns. All three leave structural evidence in the PDF file.