Xero users hit with multiple fake invoice email scams in lead up to tax time
Thursday, June 21, 2018
Xero customers have been hit with a slew of fake invoices and phishing email attempts over the month of June, with six different variants of malicious emails hitting customer inboxes since June 4.
The first one – sent on June 4 – attempted to take advantage of the numerous emails being sent by companies recently to alert users to recent changes to the European Union’s General Data Protection Regulation (GDPR). The email attempted to get users to update their Xero email addresses by directing them to a fake website with the intention of stealing login details.
The five following scam emails were all variants of the typical fake invoice scam, trying to get users to click on links that would either take them to a fake website or download malicious software onto their computers.
According to email security company Mimecast, the malicious software is a banking trojan, which is significantly hard to detect using typical security tools.
“One notable feature in these phishing emails is that the Xero invoice, like many other phishing emails, appears to be coming from a wide variety of individuals and email addresses,” Garrett O’Hara, principal technical consultant at Mimecast, said.
“Users should always be checking that the domain they have received the email from matches the business content.”
O’Hara also says business owners should be vigilant when receiving suspicious emails, checking things such as the name of the email recipient, the content of links revealed when you hover over them, and what your “spidey senses” say about the email.
He also advises SME owners to check with their security teams, if they have one, saying “five minutes to ask could save a lot of time…and embarrassment!”
On its security noticeboard, Xero maintains a list of scams they are alerted to. The company advises users to always check if their emails have come from a xero.com domain or sub-domain address, and to enable two-factor authentication on their accounts if they have not already.
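The domain check described above can be automated on a mail gateway or in a triage script. The following is an added example, not code from Xero or Mimecast; the function names and the sample messages are constructed for illustration, and the "lookalike" rule (any non-Xero domain containing the string "xero") is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "xero.com"  # the domain the article's advice names


def from_domain(raw: str) -> str:
    """Domain of the From: address (never the display name), lower-cased."""
    _name, addr = parseaddr(message_from_string(raw).get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify(raw: str) -> str:
    """Return 'xero-domain', 'lookalike' or 'other' for a raw message."""
    d = from_domain(raw)
    # Match on a label boundary: xero.com itself or something.xero.com.
    # A bare substring or endswith("xero.com") test would accept lookalikes.
    if d == TRUSTED or d.endswith("." + TRUSTED):
        return "xero-domain"
    if "xero" in d:
        return "lookalike"  # assumption: brand string in a foreign domain
    return "other"


# Constructed sample messages (not taken from the campaign in the article).
SAMPLES = {
    "sub-domain": "From: Xero <billing@mail.xero.com>\nSubject: Invoice\n\n.",
    "suffix-trick": "From: Xero <billing@xero.com.invoices.example>\n\n.",
    "brand-in-name": "From: Xero Billing <pay@secure-xero.example>\n\n.",
    "display-only": "From: Xero Accounts <accounts@supplier.example>\n\n.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:14} {from_domain(raw):28} {classify(raw)}")
```

The From header is set by the sender, so a "xero-domain" result only rules out lookalike addresses; it does not by itself show that the message is genuine.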