Akankasha Dewan 16 November 2018 10:06:23 AEDT 1 MIN READ

Beware of this invoice email scam brandjacking Xero

Popular cloud accounting company Xero is among the latest firms to be brandjacked. Cybercriminals are sending hoax invoice notifications purporting to be from the company to users.

Using the display name ‘Xero Billing Notifications’, the emails hit inboxes on Tuesday AEST. The body of the email is simple, advising recipients that their Xero invoice is ready, and that the amount in the invoice will be debited from their credit card. The fraudulent email actually comes from a large number of compromised email accounts.

The email includes several links leading to legitimate Xero help pages. A link to the bill is also provided, containing an invoice number (for example: INV- 2421379 as in the below screenshot). This link is malicious.

Xero Email Scam

MailGuard suspects that recipients who click on the link containing the invoice number are led to a blank page which serves up a malicious file download in some cases.


Eagle-eyed recipients will notice that real Xero invoices commonly use a PDF attachment rather than a link to an external website.

Another easy way to check potentially-suspicious emails is to hover your mouse over the sender’s address. This will reveal more about the real sending domain.

One Email

If your company is using an online platform like Xero, then you already know the benefits of cloud-based technology. Doing business online opens up opportunities for collaboration on an unprecedented level, but with that opportunity comes significant risk.

Cybercriminals utilise sophisticated AI technology to monitor business and social networks and they exploit the data they collect to infiltrate organisations. All criminals need to break into your business is a cleverly worded email; if they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top