Daniel McShanag 16 January 2018 16:30:47 AEDT 2 MIN READ

Watch out for fake Xero invoice scam

Careful what you click. Earlier today MailGuard intercepted yet another criminal-intent email scam impersonating the popular accounting software brand ‘Xero.’

The email, with the subject ‘Your Xero Invoice,’ advises the recipient that their Xero subscription invoice is attached and that the amount is due to be debited from their credit card.


The attachment is a .doc file, containing a malicious script.

The display name for the email is ‘Xero Billing Notifications,’ and the sender address, subscription(dot)notifications(at)xeroink.com, uses a look-alike domain (xeroink.com, not xero.com) that was registered only yesterday.
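The two indicators described above, a display name that claims a brand while the address sits on an unrelated domain, and a macro-capable .doc attachment, can be checked mechanically at the mail gateway. The triage script below is an added example, not MailGuard's or Xero's code; the list of legitimate Xero sender domains and both sample messages are constructed assumptions for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Brands watched for impersonation -> sender domains the brand legitimately uses (assumed here).
BRAND_DOMAINS = {"xero": {"xero.com"}}
# Attachment types that can carry a macro script, as the .doc described above does.
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm")

# Constructed sample modelled on the scam described above; not a real capture.
SCAM_EMAIL = """\
From: Xero Billing Notifications <subscription.notifications@xeroink.com>
Subject: Your Xero Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your Xero subscription invoice is attached and will be debited from your card.
--b1
Content-Type: application/msword; name="Invoice.doc"
Content-Disposition: attachment; filename="Invoice.doc"

AAAA
--b1--
"""
# Constructed benign message from a legitimate Xero subdomain, for contrast.
LEGIT_EMAIL = "From: Xero <message-service@post.xero.com>\nSubject: Hi\n\nHello\n"

def from_parts(msg):
    """Return (display name, domain) taken from the From header, lower-cased."""
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return display.lower(), domain

def triage(raw):
    """Return the list of phishing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, domain = from_parts(msg)
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        # Display name claims the brand, but the address is not on a brand domain.
        if brand in display and not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append(f"display name claims '{brand}' but sender domain is {domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"macro-capable attachment: {name}")
    return findings
```

The display-name check only works against a maintained list of each brand's real sending domains; the domain-age indicator from the post needs a WHOIS or passive-DNS lookup and is left out so the script runs offline.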

The danger of this scam is anyone can fall prey, whether a Xero customer or not.

As accountants, bookkeepers and financial professionals, Xero users and their customers are particularly attractive to cybercriminals who know that they hold access to valuable financial information for company payrolls, invoicing, and the like.

Xero takes security seriously

According to the Xero blog, “Data security is an industry-wide issue and it is our number one priority. Phishing scams that attempt to steal account names and passwords are an ongoing issue for all online and financial services, so it’s vital that businesses everywhere who use these services ensure they have strong security practices and keep their information secure. Security is an issue that everyone needs to take seriously.”

On the back of recent security updates, Xero has released Two-Step Authentication for all Xero customers, providing an additional layer of security for all Xero user accounts. Two-step authentication can help keep your Xero account from being compromised by phishing and malware.

Two-Step Authentication verifies the identity of a customer logging into the Xero dashboard by requiring them to use their existing password and a second, unique code randomly generated by the Google Authenticator app on their smartphone, each time they log in.

Based on security best practice, Two-Step Authentication means only the Xero user with access to that trusted device will be able to log in, making it more difficult for unauthorised people to access their data.

Xero’s blog has advice on how to avoid being phished. That blog post advises:

“Phishing scams can also show a legitimate email address, like message-service@post.xero.com, but really they’re spoofing it. The message is actually coming from an entirely different email address.

“These emails are designed to trick you into entering your email and password, which they can then use to log in to the original site or use your password for another site. Whenever you enter your username and password online you should check that you’re actually on the right site.”

Think before you click

MailGuard urges email users to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.