This specific story hasn’t happened to a vali.now client… yet. But every single detail you’re about to read is built from real scams that hit inboxes in the last 365 days – same templates, same tricks, same amounts. We have simply stitched the most dangerous pieces together into one composite case so you can see exactly how perfect today’s invoice scams have become and how to unmask invoice scams.
Last Tuesday at 09:17, imagine you open your mail and see this:
Subject: “Final Reminder – Invoice 2025-1187 – Due Today – €14,800”
From: billing@adobe.com (with the real red Adobe logo next to the sender name)
A flawless PDF invoice for 25 Creative Cloud Enterprise seats you never ordered
One big blue button: “Pay Now with SEPA Direct Debit”
Eight seconds. That’s how long it takes most people to click. That’s how fast €14,800 can disappear forever. Here’s why this example email might be the most dangerous thing the inbox:
Why This Scam Is Dangerous
Today’s attacks aren’t built by amateurs with bad grammar. They’re precision-engineered:
- Your real company name, VAT number, and previous invoice history (all public or leaked)
- Perfectly spoofed sender name and logo (Gmail and Outlook happily show “Adobe Document Cloud”)
- Lookalike domain: adobé.com (that’s a Greek “é”, not a Latin one – invisible to the naked eye)
- PDF hosted behind legitimate Cloudflare/Google services so antivirus stays quiet
- SEPA Direct Debit request instead of card details – because once you authorise, banks almost never reverse it
The Four Tiny Red Flags That Still Save You and Unmask Invoice Scams
Even against something this polished, these habits work every time:
- Hover over every link before clicking
→ Real destination: adobé-gw[.]cf – Central African Republic domain, not adobe.com - Check the raw sender info (“Show original” in Gmail)
→ Actual reply-to is usually a random @outlook.fr or @proton.me address - Ask the killer question: “Did we actually order this?”
→ One quick phone call prevents disaster - Always log in to the real service directly
→ Type adobe.com (or your bank) in a fresh tab. Never use email buttons.
Your 60-Second Email Scam Defence Checklist
- Never, ever pay an invoice from an email link
- Enable “Show original” view in your mail client permanently
- Turn on 2FA on email and banking (the scams often start with a compromised supplier)
- For businesses: Double check any invoices via human sources contacted via a phone number, email, or other means of communication independent of the email in question. Triple check with an additional source if necessary.
This exact scam (or its twin) has already emptied accounts in Portugal, Spain, Germany, and the Netherlands this year. Average loss when someone clicks: €11,000–€25,000. It’s not a question of if a version of this lands in your inbox. It’s a question of when.
Don’t be the real person this story happens to next week – stay sharp and learn how to unmask invoice scams!
P.S. Got a suspicious invoice right now? Forward it to hello@vali.now – we’ll tell you if it’s real. Free, for your first email.