Protect yourselves from Trojan e-invoices with these 4 steps

May 24, 2012  |  Electronic Invoicing, Events

AuthentiDate new 225x225 Protect yourselves from Trojan e invoices with these 4 stepsAs we recently reported here are currently e-mails circulating with which a falsified electronic invoice is sent as a PDF file attached to the e-mail.

This PDF file contains spy software, a so-called Trojan. As soon as the recipient of the e-mail opens the alleged invoice file, the malware is downloaded from the Internet and installed on the computer.

Most likely these kinds of einvoice e-mails will increase in Europe with the upcoming EU liberalisation.

Protect yourselves from Trojan einvoices

Every invoice recipient can protect himself easily, cost-effectively, and very efficiently against such Trojans. The qualified signature proves the integrity and authenticity of the electronic invoice in compliance with the law. You should only trust electronic invoices that have a qualified signature, and he should request a signature from the sender for every invoice.

  • The invoice recipient should check the qualified signature of the electronic invoice before he opens the invoice file on his computer.The free signature checking service Signature-Check is available for this ( Since the signature check is performed before the file is opened on the computer, possible Trojans cannot take over the computer.
  • If the result of the check is positive, then the recipient of the invoice can assume that the invoice actually comes from the sender who claims to have sent the invoice – that is, his supplier – and that it is free of Trojans.
  • If the check of the qualified signature fails and generates a negative result, then the invoice recipient should not open the PDF file and should inform the invoice sender of the error. In this case, the file may contain a Trojan.
  • If the invoice sender is not in a position to provide a qualified signature for the invoices, this task can also be handled by a service provider. The service provider signs the invoices on behalf of the sender. These signatures also protect the invoice recipient against Trojans.

Cloud digital signature service: SIGNAMUS

The cloud service SIGNAMUS ( offers invoice signatures at the request of the sender, as well as additional invoice services cost-effectively and easily.

Qualified signature have been confirmed explicitly by the German Federal Ministry of Finance (BMF) in the current tax simplification act (passed on September 23, 2011) as a suitable technical means of proving the authenticity and integrity of electronic signatures.

With the qualified signature, both invoice senders and invoice recipients therefore automatically fulfill the requirements of the tax simplification act. At the same time, the qualified signature for electronic invoices offers effective protection against files that could manipulate or that may be infected with Trojans.

More about securing your einvoices in this workshop

For more about the topic of sending and receiving electronic invoices, attend the eInvoicing Workshop on June 21, 2012 in Düsseldorf (all lectures in German language): Registration and program at

Related Posts

Comments are closed.