About a Fake Invoice and What You Can Do
In August I received an email stating that an international provider of postal and courier services wanted an invoice paid, according to the subject line.
The message arrived in my regular inbox, and the preview text contained a linked tracking number that clearly pointed to an attachment, which made me suspicious.
I hadn’t ordered anything. So it could only be spam. I left the mail unread, moved it to my spam folder, and thought that was it.
Unfortunately not. The message came again, and I moved it in the spam folder. On the third receipt within two weeks, the subject line now read “Reminder”.
I opened it in a protected mode for the first time, just to see what it was about. Note: I did not load any links, activate any link, or open or save any attachment on my system.
And there I read, addressed to me personally and correctly (surprisingly no spelling mistakes), that I should pay a modest 656.96 EUR for a shipment that, according to the letter, had been moved from one address to another in Hong Kong. Interesting.
I then looked for
1. current hints on the web about similar cases,
2. a contact address for the postal-courier service provider,
3. wrote directly to the service provider, forwarded the main information – not the original emails! –, complained about the spam,
4. … and waited.
First, within 24 hours I received a personalized reply saying they would look into the matter. Wow, I honestly did not expect that so quickly!
Then, for each of my complaint mails, I got a notice that they were handling it and that all payment demands directed at me were put on hold. Also good—particularly because I had no outstanding payments.
And, after almost three months, I finally got the information that they had examined my case and found no claim against me. So the case is clear – it was spam. Game over?
Interestingly, that message arrived exactly one day after a new spam payment request with the same pattern as before.
Apparently this isn’t the end of spam messages, but at least it’s reassuring that the service provider was informed, took the issue seriously, and communicated clearly. That is the best backup I could expect, and I am thankful for it.
Although this incident occurred in a German language, addressing a German speaker, the same kind of fake‑invoice scam shows up in inboxes worldwide—no matter what language or country.
Did you know that
- Globally, phishing accounted for ~ 90 % of reported data‑breach incidents in 2023 (Verizon DBIR).
- In the U.S., the FTC recorded over 2 million phishing complaints in 2023 alone.
- Annual loss due to cybercrimes in 2024/2025 in Germany alone amounted to ≈ 267 billion EUR (see a study by Bitkom), of which phishing accounted for up to 70% of the loses.
So beware of forged emails! Always check:
1. Am I expecting a message?
2. Do I know the sender?
3. Are there no obvious oddities in the subject (wrong language, spelling errors, etc.)?
If the answer is no, treat the message cautiously and move it to the spam folder. Do a virus scan of your system and check possible infections. If spam mails become overwhelming, possibly change your email address and seek help.
And for anyone who wants a quick guide on dealing with emails from the Federal Office for Information Security (BSI), see:
For phishing mail warnings from Deutsche Post (in German), see:
https://www.deutschepost.de/de/w/warnung-vor-gefaelschten-mails.html
If you have further questions about spam, feel free to not send an email 😂!