A new email scam detected by MailGuard today is exploiting Xero’s trademark to try and gain the trust of potential victims.
In the screenshot above you can see that these scam messages are meant to look like invoice notifications sent through the Xero accounting platform. The criminals who are operating this scam appear to have registered four new domains: xerocentral.com, xero-fx.com, xerogroup.org and xeromobile.net with a Chinese registrar yesterday.
Keep an eye out for these bogus Xero sender addresses:
- messaging-service@xerocentral.com
- messaging-service@xero-fx.com
- messaging-service@xerogroup.org
- messaging-service@xeromobile.net
The individual messages sent out in this attack bear various real business names, and these names have been used in the ‘subject’ fields of the email messages. Some examples of subject lines associated with this scam include:
- Bill INV-4091 from Zacamoco Developments is due
- Bill INV-4091 from MAB Corporation Pty Ltd is due
- Bill INV-4091 from Jetstream Electrical is due
- Bill INV-4091 from Beaute On The Mall Pty Ltd is due
- Bill INV-4091 from Mossimo is due
- Bill INV-4091 from ECG WEALTH is due
- Bill INV-4091 from Civilstrut Design Pty Ltd is due
- Bill INV-4091 from TCI Property Consultants is due
- Bill INV-4091 from Ben Persson Pty Ltd is due
- Bill INV-4091 from Temt is due
- Bill INV-4091 from Leona Edmiston is due
- Bill INV-4091 from Ron Lawford Solicitor is due
- Bill INV-4091 from Tenders Online is due
- Bill INV-4091 from Virgon Developments Pty Ltd is due
- Bill INV-4091 from Protek Design is due
The objective of this email is to get the recipient to click on a link that will direct them to a hidden JavaScript malware file.
Malware linked scams like this usually install viruses or spyware onto victims computers when they open innocent looking attachments or click on links. The ultimate intention of malware attacks of this sort is harvesting victims personal data to perpetrate identity theft or fraud.
Please share this scam warning with your social networks to help us warn people about this attack.
One email
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside.
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
