A Xero malicious email campaign was detected and blocked by MailGuard today. The invoice, designed to look like it was sent through the Xero accounting platform, encourages the recipient to click through to view the invoice.
The subject line is “Bill 18322 from [random company] is due soon.” The sender display name, email address and invoice amount vary considerably. The purported senders are actual registered Australian businesses, ostensibly the result of previous credential scraping activity.
No other security vendors are listed as detecting the link on Virus Total at the time of publication. The MailGuard team is monitoring for variants.
Capitalising on EOFY activity
Xero, being the market leader for SMB accounting software, with a customer base of about half a million businesses in Australia, is often the victim of brand impersonation. Xero-branded scams occur regularly, however, the fiscal year end, and associated spike in accounting activity, is opportune for cyber perpetrators.
Read more about how JS code attacks websites.
Don’t become the next victim
According to the FBI, email fraud is still the number one cyber crime.
Protect your employees by:
- Ensuring all software is updated (for web browsers, apps, operating systems)
- Driving a strong culture of cyber literacy to affect user behaviour (educate your employees about the tell-tale characteristics of a suspicious, criminal intent email)
- Having robust content (email and web) filtering solutions in place.
For a few dollars per staff member per month, you can have the peace of mind of MailGuard's comprehensive cloud-based email and web filtering. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.
Keep up to date on the latest scams by subscribing to MailGuard updates or follow us on social media.
If you’re experiencing problems with email scams you can speak to one of MailGuard's cloud security specialists right now on 1300 30 44 30.