Risk indicators
The API will return indcators to help you understand the potential risks we have identified by analysing the invoice.
| Risk Name | Risk Level | Description |
| --- | --- | --- |
| Disposable email detected | HIGH_RISK | Disposable emails are often used to conceal identity and avoid detection, making them a high-risk indicator. |
| Newly registered domain | HIGH_RISK | A recently registered domain may indicate attempts to evade detection or establish fake accounts. |
| Too high numbers ratio in the email | HIGH_RISK | An unusually high ratio of numbers in the email address is often associated with synthetic or fake accounts. |
| Accept-all email domain | HIGH_RISK | Domains with accept-all policies mask unverified addresses, posing a higher fraud risk. |
| Domain website doesn’t exist | MEDIUM_RISK | The lack of a website for the domain raises legitimacy concerns about the email address. |
| Invalid email domain | MEDIUM_RISK | The domain of this email appears invalid, which may signal a fraudulent or inactive account. |
| Suspicious behavior detected | MEDIUM_RISK | Unusual or suspicious activity patterns detected in association with this email address. |
| No linked social accounts | MEDIUM_RISK | A lack of linked social media accounts may suggest attempts to hide true identity or limited online presence. |
| Email contains a typo | MEDIUM_RISK | The email address contains a typo, which could indicate an error or intentional manipulation to avoid detection. |
| Invalid email format | MEDIUM_RISK | The email format is invalid, potentially indicating an attempt at deception or fake account creation. |
| Email has unknown status | MEDIUM_RISK | The email status is unknown, which may signal attempts to conceal identity or bypass detection systems. |
| Risk Name | Risk Level | Description |
| --- | --- | --- |
| Disposable phone number detected | HIGH_RISK | Disposable phone numbers are temporary and are often used to hide identity and avoid detection mechanisms. |
| Virtual phone number detected | HIGH_RISK | Virtual phone numbers (e.g., VOIP) are commonly used by fraudsters as they are harder to trace to a real individual. |
| Shared-cost phone number detected | HIGH_RISK | Shared-cost phone lines may obscure the caller’s identity and are less traceable than standard phone numbers. |
| Invalid phone number format | MEDIUM_RISK | The phone number format is invalid, which might indicate an attempt to provide deceptive or fake contact information. |
| Ported phone number detected | MEDIUM_RISK | Recently ported phone numbers may be used to evade detection or previous identification methods. |
| Unknown phone number type | MEDIUM_RISK | Phone numbers of unknown types are often used for anonymity and may lack traceability. |
| Few linked accounts | MEDIUM_RISK | A limited social presence (few accounts across messaging platforms and services) may suggest a number being new or intended for anonymity. |
| Suspicious behavior detected | MEDIUM_RISK | Indicators of suspicious activity suggest the phone number might be involved in fraudulent or risky behavior. |
Website
Section titled “Website”| Risk Name | Risk Level | Description |
| --- | --- | --- |
| Blacklisted domain detected | HIGH_RISK | The domain is on a blacklist, indicating a history of malicious or suspicious activity, such as phishing or malware hosting. |
| Risky industry content detected | HIGH_RISK | The content belongs to an industry that is commonly exploited for fraud or scams, increasing the risk of malicious behavior. |
| Free hosting detected | HIGH_RISK | The domain is hosted on a free platform, which is often used for temporary or malicious purposes due to low barriers to entry. |
| Domain with bad reputation detected | HIGH_RISK | The domain has a history of being associated with fraudulent or malicious activities, raising concerns about its credibility. |
| Suspicious domain activity detected | HIGH_RISK | The domain exhibits signs of unusual activity, such as frequent updates or anomalies, which suggest potential fraud or misuse. |
| Uncommon clickable links | HIGH_RISK | The website contains unusual clickable links that are not typically seen, indicating a potential risk of phishing or malware. |
| Empty page title | HIGH_RISK | The domain’s page has an empty title, which can be a sign of poorly configured or fraudulent setups. |
| No website content | HIGH_RISK | The domain has no visible content, which might indicate it is a placeholder or used for fraudulent purposes. |
| Invalid security detected | HIGH_RISK | The website lacks proper HTTPS security, making it vulnerable to data breaches or fraudulent activity. |
| [Risk Name](HTTP status error) | MEDIUM_RISK | The page returned an error status, which may indicate issues with reliability or an incomplete configuration. |
| Domain misconfiguration detected | MEDIUM_RISK | The domain’s IP configuration appears invalid, suggesting potential misuse or misconfiguration. |
| Server error detected | MEDIUM_RISK | The server returned an error, which could indicate a compromised website or a misconfigured domain. |
| Website error detected | MEDIUM_RISK | The website encountered errors or delays in loading, which could indicate technical issues or intentional barriers. |
| External redirection detected | MEDIUM_RISK | The website redirects externally, a common tactic used in phishing or fraud schemes. |
| Risky location detected | MEDIUM_RISK | The location is flagged as high-risk due to its association with fraudulent or malicious activities. |
| Recently created domain detected | MEDIUM_RISK | The domain was registered recently, which increases the likelihood of being used for fraudulent or temporary purposes. |
Vehicle
Section titled “Vehicle”| Risk Name | Risk Level | Description |
| --- | --- | --- |
| Tax expired long time ago | HIGH_RISK | Vehicle tax has not been renewed for an extended period, raising concerns about potential non-compliance with tax regulations. |
| Invalid MOT status detected | HIGH_RISK | Vehicle’s MOT status has expired, indicating non-compliance with road safety and legal standards. |
| Old vehicle detected | HIGH_RISK | The vehicle is flagged as older, which may not meet the required safety or performance standards for recent use. |
| Recently registered older model detected | HIGH_RISK | Older vehicle model recently registered, suggesting potential inconsistencies in the vehicle’s history. |
| No MOT status detected | MEDIUM_RISK | No MOT status detected, possibly indicating incomplete verification or missing documentation for the vehicle. |
| Obsolete vehicle detected | MEDIUM_RISK | Vehicle is flagged as obsolete, which may imply operational issues or non-compliance with modern requirements. |
| Untaxed vehicle detected | MEDIUM_RISK | Vehicle is flagged as untaxed, indicating a potential breach of regulatory compliance. |
File Context Analysis
Section titled “File Context Analysis”| Risk Name | Risk Level | Description |
| --- | --- | --- |
| Aggressive language detected | HIGH_RISK | Aggressive language often associated with scams or fraud, creating urgency or intimidating the recipient to take quick action. |
| Urgent language detected | HIGH_RISK | Urgent tone detected, which is a common tactic used in fraudulent communication to rush decisions and bypass scrutiny. |
| Suspicious language detected | HIGH_RISK | Suspicious phrases or wording patterns that are frequently used in scams or fraudulent contexts. |
| Alternative delivery method suggested | HIGH_RISK | Suggestions for alternative delivery methods, which can bypass safer, traceable standard delivery options, increasing risk. |
| Alternative payment method suggested | HIGH_RISK | Offers or requests for alternative payment methods that lack buyer protections, increasing the likelihood of fraud. |
| Total amount inconsistency | HIGH_RISK | Total amount doesn’t match the sum of subtotal and tax amounts, raising concerns about legitimacy of the invoice. |
| External links detected | MEDIUM_RISK | External links that redirect users to potentially fraudulent or phishing websites outside of secure platforms. |
| Grammar or spelling errors | MEDIUM_RISK | Detected grammar or spelling mistakes, which are commonly observed in scam communications to appear hurried or less credible. |
| Suspiciously low price | MEDIUM_RISK | Pricing is unusually low, which may indicate scams or counterfeit goods aimed at luring victims with enticing offers. |
| Newly created seller ccount | MEDIUM_RISK | Seller account is newly created, which might lack transaction history or established credibility, posing fraud risks. |
| Non UK seller location | MEDIUM_RISK | Seller’s location is outside the UK, which can increase risks due to less traceable transactions or unregulated markets. |
| Uncommon seller username | MEDIUM_RISK | The seller username appears inconsistent, or uncommon, raising concerns about authenticity or legitimacy. |
| Mention of non-refundable policies | MEDIUM_RISK | Mention of non-refundable policies detected, which may signal attempts to avoid liability in case of fraudulent behavior. |
| Redirection to external communication channel | MEDIUM_RISK | Users being redirected to external platforms for communication can bypass safer in-app messaging systems, increasing scam risk. |
File Forensic Analysis
Section titled “File Forensic Analysis”| Risk Name | Risk Level | Description |
| --- | --- | --- |
| Digital print detected | HIGH_RISK | Direct conversion from PDF to image often indicates attempts to obscure or tamper with original content. |
| Text overlay detected | HIGH_RISK | Text overlay on images can obscure key details, raising concerns about document legitimacy. |
| Contains word over plain image | HIGH_RISK | Words on plain images are uncommon and may suggest attempts to disguise or modify original content. |
| Screenshot detected | HIGH_RISK | Screenshots are often used to bypass document verification processes, increasing fraud risk. |
| Image with dubious modification history | HIGH_RISK | Metadata showing extensive edits raises suspicion about the image’s authenticity. |
| Edited with Adobe Photoshop | HIGH_RISK | Photoshop editing often correlates with tampered or manipulated content. |
| Inconsistent modification timestamps | HIGH_RISK | Irregular timestamps often indicate unauthorized or hidden edits to the document. |
| Saved in Acrobat PDFMaker | LOW_RISK | Use of Acrobat PDFMaker may indicate document reprocessing or tampering. |
| Saved in Adobe Distiller | LOW_RISK | Adobe Distiller usage often points to potential reformatting or manipulation of the document. |
| Processed in Canva | LOW_RISK | Canva usage is typically low-risk but may indicate non-standard editing practices. |
| Processed in Illustrator | MEDIUM_RISK | Illustrator edits can suggest graphic alterations, posing a potential risk. |
| Processed in Photoshop | MEDIUM_RISK | Photoshop usage can suggest graphical alterations or tampering with the document content. |
| Google Docs detected | LOW_RISK | Google Docs modifications may lack detailed metadata, limiting traceability. |
| Inconsistent PDF version | MEDIUM_RISK | Inconsistent PDF versions can indicate unauthorized modifications to the document. |
| Missing internal objects | HIGH_RISK | Missing internal objects suggest improper editing or tampering. |
| Metadata modified | HIGH_RISK | Modified metadata suggests tampering, often aimed at obscuring the document’s history or origin. |
| Unusual fonts detected | MEDIUM_RISK | Unusual fonts could indicate the use of software tools to alter or fabricate document content. |
| Suspicious spacing detected | MEDIUM_RISK | Artificial spaces or formatting irregularities can indicate content manipulation or forgery. |
| Digitally inserted text | LOW_RISK | Digital text regions suggest post-creation alterations to the content. |
| Edited using graphical editor | MEDIUM_RISK | Tags from graphical editing software indicate possible modifications. |
| Copied or duplicated elements detected | MEDIUM_RISK | Duplicate regions in documents often indicate fraudulent tampering or alteration. |
| Unusual PDF comments detected | MEDIUM_RISK | Unusual comments in PDF metadata may indicate tampering or document manipulation. |
| Unexpected file format | MEDIUM_RISK | PNG files are frequently edited and saved in high quality, indicating potential tampering. |
| File format mismatch | MEDIUM_RISK | File format inconsistencies often indicate attempts to alter or conceal document authenticity. |