Cybercriminals mimic Xero in invoice email scam

Posted by Akankasha Dewan on 04 April 2019 14:07:29 AEDT

Popular cloud accounting company Xero has once again been spoofed in an email scam.

Cybercriminals are sending hoax invoice notifications purporting to be from the company to users.

MailGuard detected this scam infiltrating inboxes this afternoon (AEST). It uses a display name of an email with the domain ‘’

The body of the email is simple, advising recipients that their Xero invoice is ready, and that the amount in the invoice will be debited from their credit card. The amount will be debited from their credit card on or after '23 Oct 2018'

A link is included to view the bill online.

Here is a screenshot of the email:

Xeor social scam 

Unsuspecting recipients who click on the link to view their invoice are led to what is currently showing as a blank page. However, MailGuard suspects the site could be used to serve a malicious file download.


Eagle-eyed recipients will notice that real Xero invoices commonly use a PDF attachment rather than a link to an external website.

Another easy way to check potentially-suspicious emails is to hover your mouse over the sender’s address. This will reveal more about the real sending domain.

In this particular scam, cybercriminals have tried to make the email look as legitimate as possible by including the link to Xero Central’s ‘support article’ – a feature commonly included in authentic notifications from such a well-established cloud accounting company.

In a similar vein, they have also added in a note at the end warning users about the increasing frequency of fake invoice emails purporting to be from Xero.  

Accountants, bookkeepers and financial professionals are particularly attractive to cybercriminals who know that they hold access to valuable financial information for company payrolls, invoicing, and the like.

One Email

If your company is using an online platform like Xero, then you already know the benefits of cloud-based technology. Doing business online opens up opportunities for collaboration on an unprecedented level, but with that opportunity comes significant risk.

Cybercriminals utilise sophisticated AI technology to monitor business and social networks and they exploit the data they collect to infiltrate organisations. All criminals need to break into your business is a cleverly worded email; if they can trick one person in your company into clicking on a malicious link they can gain access to your data.

 For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all