Xero users hit with multiple fake invoice email scams in lead up to tax time

xero email

Xero customers have been hit with a slew of fake invoices and phishing email attempts over the month of June, with six different variants of malicious emails hitting customer inboxes since June 4.

The first one – sent on June 4 – attempted to take advantage of the numerous emails being sent by companies recently to alert users to recent changes to the European Union’s General Data Protection Regulation (GDPR). The email attempted to get users to update their Xero email addresses by directing them to a fake website with the intention  of stealing login details.

The five following scam emails were all variants of typical fake invoice scam, trying to get users to click on links that would either take them to a fake website, or download malicious software onto their computers.

An example of the fake invoices. Source: Xero.

According to email security company Mimecast, the malicious software is a banking trojan, which is significantly hard to detect using typical security tools.

“One notable feature in these phishing emails is that the Xero invoice, like many other phishing emails, appears to be coming from a wide variety of individuals and email addresses,” Garrett O’Hara, principal technical consultant at Mimecast said.

“Users should always be checking that the domain they have received the email from matches the business content.”

O’Hara also says business owners should be vigilant when receiving suspicious emails, checking things such as the name of the email recipient, the content of links revealed when you hover over them, and what your “spidey senses” say about the email.

He also advises SME owners to check with their security teams, if they have one, saying “five minutes to ask could save a lot of time…and embarrassment!”

On its security noticeboard, Xero maintains a list of scams they are alerted to. The company advises users to always check if their emails have come from a xero.com domain or sub-domain address, and to enable two-factor authentication on their accounts if they have not already.

NOW READ: Employees’ online shopping at work could cause “significant cost” to SMEs through cyber attacks


Notify of
Inline Feedbacks
View all comments
SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: support@smartcompany.com.au or call the hotline: +61 (03) 8623 9900.