Xero Alert: Phishing in Xero Invoice Emails

Xero Alert: Phishing in Xero Invoice Emails

Phishing (often called as brand spoofing) is a type of internet fraud which had infiltrated computers and businesses for years, and when we say “businesses” it means no exceptions. Recently, Xero updated their security noticeboard with reports regarding Xero Invoice Phishing emails, and shared some ways on how to avoid becoming a victim of these kinds of email fraud.


Xero Blog (https://www.xero.com/blog/2015/09/3-ways-to-avoid-being-phished/)

Something’s Not Right

Wednesday – September 21, 2016 — Xero released an update to their blog site regarding fake emails that are being sent to Xero customers, and tricks victims to enter their email and password (which is a form of identity theft).

The fake email address, identified as messaging-service@post-xero.com, bears a striking resemblance to the legitimate one (messaging-service@post.xero.com). As of now, Xero had started on taking down the @post-xero.com fake domain.

How to Avoid Phishing Emails?

So, whenever you encounter these kinds of malicious emails, Xero shared a few tips on how you can avoid them:

1. Start Checking Emails

To make sure that your inbox is not infiltrated with spam emails, you should first check if all Xero invoice emails that you had received came from messaging-service@post.xero.com.

2. Please, Don’t Open


Flickr (Christiaan Colen)

It’s easy to distinguish whenever a link is a red flag, since most secured links start with https, rather than http. Once you think that the address of the email is somewhat suspicious, then don’t open the email. Remember that it’s better be safe than sorry.

3. Report the Problem

Whenever you experience these kinds of issues when it comes to fake Xero invoice emails, you should send an email to phishing@xero.com, and they will confirm if the sent message was from them.

4. Delete the Spam Email

Once you had confirmed that your email is a fake one, then it’s time for you to delete it, and remember not to click any links or .zip files attached to it.

You can also visit Xero’s security page to learn more on protecting data in Xero.