Invoice-related spam is common. That doesn't mean, though, that everyone stops it.
This one spoofs a well-known Spanish company and claims that an invoice was not paid in full. The payload was a malicious .xlsx file; however, it was missed by Microsoft ATP. Avanan stopped this attack.
Here's what the attack looks like. The subject is: "Urgent"
This is the content of the .xlsx file:
When you press "Open", malicious JavaScript begins to run.