The online accounting platform, Xero, has been brandjacked in a new phishing attack.
MailGuard has intercepted an email scam using fake Xero branding to deceive victims into submitting their Microsoft login data to a phishing site.
The scam message - shown in the screenshot above - informs the recipient that they have received a large payment, AU$145.008.31, on the Xero system and they can view their payment by signing in with their Microsoft or Xero login credentials.
If the intended victim clicks on the link in the email they are taken to a fake Microsoft branded login page, shown in the screenshot below:
This phishing page is designed to harvest the victim’s login credentials, to be used in identity theft.
An identifying feature of this scam is the sender name and address:
- The display name is “Ginger Collins”
- The sending address is “GingerCollins@betterbookkeepers.com”
Defend your inbox
Phishing attacks can be enormously costly and destructive and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company, now.
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network.
Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
