AI-Native Works.
AI-Native Works.
A fake "Handelsregister" invoice — and the agent that catches it before I pay
Case Studies

A fake "Handelsregister" invoice — and the agent that catches it before I pay

How a scam in the mailbox turned into a permanent safeguard in ten minutes — built with Claude Cowork, with no programming at all.

Hans Luther
Hans Luther
· 5 min read

A short case study from everyday business operations: how a scam in the mailbox turned into a permanent safeguard in ten minutes — built with no programming at all, just the right prompts.

The letter

Yesterday a letter landed in the mailbox of my newly founded company. A court coat of arms up top, “Rechnung” (invoice) in bold, a case number, a payment reference, and a demand for €1,923.80 for a “Handelsregister” (commercial register) announcement. Payable within three “Werktage” (business days), or else enforced collection. It looked like exactly the kind of mail you pay and tick off as the managing director of a young company.

The fake letter, as it arrived — sensitive data redacted.

And for a brief moment, that was my first reflex too — just another registration fee, tick it off, move on.

The second look

Then I paused. The coat of arms was North Rhine-Westphalia’s — the Rhine band, the Westphalian horse, the Lippe rose. I’m from Gütersloh in NRW myself, so this caught my attention. Except the letter claims to come from a Berlin court, and Berlin’s arms are the bear, not the horse. I looked closer, and it got worse: a “Zahlstelle” (payment office) in Frankfurt, a judge’s signature in Berlin, and the bank details were a Spanish IBAN (ES…) paired with the BIC of a German retail bank. Three federal states on one letter, and court fees supposedly flowing to a private account abroad.

A quick check with the AI, just to be sure. The answer was pretty clear: a scam. The scheme is well known — freshly registered companies show up in the public “Handelsregister” announcements, and the fake invoices arrive right on cue.

So in that moment I was paying attention. But here’s the thing, and it’s the point: a letter like that slips through easily. You’re in the middle of the day’s work, the mail piles up, and “Amtsgericht” (the local court) plus “three business days” create exactly the pressure that works. It doesn’t take much for the transfer to go out.

The process that already existed

Here’s the part that matters to me. I already had a process running. On my machine, a scheduled task in Claude Desktop with Cowork goes through my scan folder once a day: every new document gets OCR’d into something searchable, renamed by a fixed convention (date, sender, recipient, document type, context), summarized into a Markdown report, and filed neatly into the company records. Pure busywork I never want to do by hand again.

I scanned the fake letter anyway, if only to keep it as evidence and a reference. And of course my agent did exactly what it was built to do: ran it through, OCR, tidy filename, into the folder. A scam attempt, cleanly processed and properly filed — my process had waved it through without a blink. There was the gap.

The small change

So in a short session I extended the agent by one step. For any document that asks for money or an action, it now checks whether it’s really a potential scam. Do the coat of arms, sender, and signature line up? Does the bank account belong to a public authority, or some dubious account abroad? Is the amount realistic? Is there pressure from a tight deadline?

The auto-inserted warning page — in this case, around 90% scam probability.

Those are very concrete examples — but explicitly not a fixed checklist. The AI makes the call itself, with the full capabilities of a language model. And that’s the point: it would just as readily catch a different scam tomorrow, one with completely different markers that no rigid rule would ever have flagged.

From that assessment, the agent decides how to handle the document. High likelihood, and it marks it SCAM; below that, POSSIBLE-SCAM — right in the filename, up front, in capitals, so it jumps out in the folder. In the Markdown report that later determines how the document gets filed, there’s a dedicated block at the top: how likely a scam it is, with the specific reasons below. And — my favorite part — it pushes a first page in front of the PDF: a big red warning reading “SCAM — DO NOT PAY,” the confidence level right at the top, the reasons underneath. Nothing gets deleted; the document stays on file as a record, just unmistakably marked as what it is.

What it comes down to

Out of a letter that could quickly have cost close to €2,000, in about ten minutes came a permanent safeguard — one that catches every future attempt of this kind, even on the days I’m not looking as closely.

And that’s the real core for me: safeguards like this aren’t just for companies with an IT department. This was built 100% with Claude Cowork and a scheduled task, no dev team and no custom software. The fact that it’s the AI itself judging each document, rather than a rigid rule, is the decisive part, because that’s how the process catches tomorrow’s scams too. This kind of safeguard, built in almost as a side effect, is the strength of AI in everyday business, and it’s within reach for just about any company, with a bit of help setting it up.

Not running agents like this in your company yet?

That’s exactly what I help with. Document handling, fraud detection, or the small bits of busywork nobody wants to do — let’s talk.

Share this article:
Back to all posts