fbpx

Xero, The New Email Scam Victim

Xero, The New Email Scam Victim

Earlier this month Xero announced on their noticeboard of yet another email scam impersonating them.

Mail Guard was quick to detect this scam and shed some light on the situation also.

This malicious email appears to be using the display name of Xero and states a reminder in the subject line that an overdue invoice is for ‘Urban Clean Accounts’.

The email body displays a convincing Xero message that states a ‘friendly reminder’ informing the recipient that their current invoice is overdue.

Upon clicking the link to “View Invoice” you are redirected to what appears to be a Xero site for hosting invoice files. The page then indicates that the file can’t be found and should be downloaded manually as per the screenshot below.

Unsuspecting recipients who click the link within the page are not led to a phishing or payload download. However, Mail Guard suspects that the owners of this site could change this at any time.

How Do I Know This Is a Scam?

  • A genuine Xero email will always come from a xero.com domain or sub-domain address. Example: @xero.com, @post.xero.com, @send.xero.com, @sendnz.xero.com, @support.xero.com
  • Incorrect spelling or grammar could be a good give away to a scam, especially if the email has heaps of basic errors.
  • Xero invoices commonly use a PDF attachment rather than an external website
  • If the email asks for personal information they should already have could indicate a suspicious email.
  • In this scam, the error message and lack of an actual file in the second screenshot is a clear red-flag that should rouse suspicions about its legitimacy.
  • Hover your mouse over the sender’s address to reveal more information about the real sending domain.

How Can I Avoid an Attack?

  • Don’t click on any link or attachment within the email
  • Don’t reply to the email
  • Delete the email
  • Update your anti-virus systems and run a full scan on your computer. If you don’t know how to do this call us or your existing IT support team.

Need Help Staying Protected Against Email Scams?

itro offer a range of IT support plans, secure backup products, anti-virus protection and more to ensure you have the best technology available to protect you from nasty scams such as this one.

Call us on 1800 10 3000 or email [email protected] for your FREE IT assessment or feel free to contact us with any questions you may have about your security concerns.

References

  • https://www.mailguard.com.au/blog/invoice-email-scam-spoofing-xero-attacks-inboxes-again
  • https://www.xero.com/blog/security-noticeboard/
No Comments

Sorry, the comment form is closed at this time.