‘Xero’ Fake Invoice Email Points to Malware

Posted by Emmanuel Marshall on 14 December 2017 13:54:49 AEDT

This morning MailGuard has intercepted a large volume email scam. The messages are fake invoice reminders, using the brand
‘Xero’ to try and inspire trust. The email contains a link which pretends to point at an invoice but actually goes to a zipped JavaScript file containing trojan malwaresee screenshot below:


Trojans are designed to covertly install harmful programs like ransomware and viruses on victim’s computers. In an office environment, trojan attacks can lead to widespread damage, not only to the machines directly affected but also to other computers connected to them on the network.

The format of this criminal-intent email is quite simple. There are no graphics in the email design, so in this case the cybercriminals behind the attack are relying on the Xero name to trick their victims.

Although the sender address appears to be ‘Xero’ the actual address domain - xerostatic[dot]com - is not a real Xero URL. It was registered recently, probably for the purpose of executing this scam.

MailGuard was successful in preventing these emails from getting to our client’s inboxes, but this is a very large-scale attack, so many email accounts without MailGuard protection will be affected.


Brandjacking: a Growing Problem

According to the ACCC ScamWatch website, the cost of cybercrime in Australia looks set to top $90 million in 2017. About 90% of cybercrime incidents are instigated via email, and the scams mutate and evolve over time as cybercriminals discover new ways to deceive their victims.

In recent months, MailGuard has seen a large volume of brandjacking scams. Brandjacking scams are ones which exploit trusted brand names to gain victim’s confidence. Brandjacking leverages the marketing and publicity that big companies invest in. The better known and well trusted a company is, the more useful their name is to scammers as a tool of deception.

Xero, the popular online accounting software, is a well known and trusted company so this is not the first time they have been brandjacked.

MailGuard CEO and Founder Craig McDonald recently wrote an article about the psychology behind brandjacking and why it is such a growing problem:

“This approach has a high success rate for cybercriminals. Why? Because it taps into our subconscious. Marketers have known for years how to leverage our subconscious to make us spend; 90% of all purchasing decisions are made subconsciously... Our happy subconscious clicking - the trust that we place in brands - is putting us all at risk…”

Read the rest of Craig McDonald’s article, here.


Think Twice Before Clicking

There are some simple ways to reduce the risk of being tricked by a brandjacking email:

  • Watch out for emails that ask you to open or download files, especially if they are in .zip, .exe or .js format.
  • Spelling or grammatical mistakes in emails are often indications of a scam.
  • Never click on links in messages from unfamiliar senders.
  • If you’re unsure about a message’s legitimacy, phone the company directly and ask about it.


One Click Can be Devastating

Doing business online opens up opportunities for collaboration on an unprecedented level, but with that opportunity comes significant risk. All criminals need to break into your business is a cleverly worded email; if they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Cybersecurity email fraud xero email scam xero invoice

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all