report(kittle): fold confirmed invoice amounts into IC3 report

Inv #31468 $123,776.75 (confirmed), Inv #31400 ~$8,818, Inv #31453 $41,231 (open);
total identified exposure $130,000+ since the ACH change redirects all City->Kittle payments.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

clients/kittle/reports/2026-06-09-ic3-bec-fraud-report.md

@@ -27,9 +27,10 @@
 **Nature:** Attacker submitted a fraudulent ACH/EFT banking-change ("BSD ACH Application", "Change" box) to the City of Tucson, impersonating Kittle's bookkeeper, to redirect Kittle's incoming City payments to attacker-controlled accounts.
 
 **Targeted / exposed payments (City of Tucson → Kittle, EFT):**
-- Invoice #31400 — KDC Job #5700.25B, "COT Knights Inn — Fire Suppression" (PO-007291); City indicated EFT processing **2026-06-09**. Approx. amount referenced in thread: ~$8,818.00 (confirm with City).
-- Invoice #31468 — Job #5654.25, "MMC Generator Upgrade" — **$123,776.75**.
-- NOTE: an approved ACH banking change would redirect ALL future City-of-Tucson payments to Kittle, so exposure is not limited to a single invoice.
+- Invoice #31468 — Job #5654.25, "MMC Generator Upgrade" — **$123,776.75** (confirmed from the City payment thread).
+- Invoice #31400 — KDC Job #5700.25B, "COT Knights Inn — Fire Suppression" (PO-007291); City indicated EFT processing **2026-06-09**. Amount ~**$8,818.00** (approximate per thread; confirm exact with City).
+- Additional open Kittle invoices were identified in the mailbox (e.g. Invoice #31453, **$41,231.00**, due 2026-06-28); any billed to the City would also have been exposed.
+- **Total identified exposure: $130,000+** (≥ $123,776.75 + ~$8,818). Because an approved ACH banking change redirects ALL future City-of-Tucson payments to Kittle, exposure is NOT limited to a single invoice and the true figure may be higher.
 
 **Fraudulent receiving (mule) accounts:**
 | # | Bank | Routing/ABA | Account # | Name on account | Source |