Caution: fake 'Xero' invoice notification scam

Posted by Emmanuel Marshall on 26 February 2018 12:43:36 AEDT

MailGuard has detected a new email scam using fake ‘Xero’ domains in the sender addresses.

This message, shown in the screenshot above, is designed to look like an invoice notification from ‘The Advocates Property Advisory.’
The message contains a ‘view invoice’ link which if clicked, directs the scam victim to download an MS Word .doc file containing hidden malware.

This message is being sent out with a wide range of variations in the sender addresses.

Some of the sender address variants seen by MailGuard include:

These fake ‘Xero’ domains were all registered yesterday in China.

This sort of email scam is a technique used by cybercriminals to infect computer systems with trojans, spyware and ransomware. Victims who unwittingly click through to the fake 'invoice' document and open it will activate hidden code in the file that will infect their computer without their knowledge.

Malware attacks like this can be extremely damaging to computers systems and have the potential to cost companies millions of dollars in damages, lost productivity and reputational harm.

Please keep an eye out for this criminal-intent email and share this warning with your social networks. 


Take Action to Defend Your Business

New malware scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now.

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates




Topics: Macro Malware xero email scam cybercrime Xero fake invoice brandjacking

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all