Brought to you by

Reporting Phishing to Xero

If you suspect you’ve received a phishing or malicious email, which says it’s from Xero or uses Xero’s logo, and it’s not already reported below on the Security Noticeboard – please report it by forwarding the email to phishing@xero.com.

A genuine Xero email will always come from a xero.com domain or sub-domain address, e.g. @xero.com, @post.xero.com, @send.xero.com, @sendnz.xero.com, @support.xero.com.  So if it’s not from a xero.com address, be suspicious.  But please also be aware that some phishing emails attempt to spoof (impersonate) our sending addresses, so they appear to come from a xero.com address but are actually sent from a different domain.

Do not click on any links or attachments in suspicious emails.  You can find out more about how to identify phishing and other malicious emails, and how to stay safe online, on our Security page.

Notices

 

Nov 23rd, 2020 – Fake Xero confirmation email

We’ve received reports of people receiving fake Xero confirmation emails.

The email has a subject of ‘Confirm your email address’ and is sent from the following email address: no-reply@post.idv.link

Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us. Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Yes, it’s me – let’s get started” link. The link in this phishing email will redirect you to a malicious website with the intent of stealing your Xero username and password.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

 

September 24th, 2020 – Fake invoice phishing variant

We’ve had reports of people receiving a fake invoice phishing email.

The sending address used is ‘xero@snap.net.nz’ with a subject of ‘Your xero invoice XXXXX available now’ and an invoice amount of $3,485.58. Please note that the invoice number and amount may vary from the example provided.

Please be aware that this email address is not a sending address used by Xero and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Pay now” or “View your bill online” links as they’re likely to redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

May 22nd, 2020 – Fake invoice phishing variant

We’ve had reports of people receiving a fake invoice phishing email.

The email has a subject of ‘Invoice 8219 from Itgl Robinsons’ with an invoice amount of £3,500.00  and is being sent from the email address: invoices@mail-itgl.com

Please be aware that this email address is not a sending address used by Xero nor was it sent by ITGL Robinsons Ltd.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View invoice” or “View your bill online” links as they’re likely to redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

May 4th, 2020 – Fake Invoice phishing variant

We’ve had reports of people receiving a new version of the fake invoice phishing email.

The sending address of the email is ‘invoices@Post-xero.comthough the subject line, invoice number and amount may vary in an attempt to make the invoice more convincing. 

Please be aware that this email address is not a sending address used by Xero nor were they sent from the business names included.

Here is an example of the email:

If you’ve received one of these emails you should report it as phishing and delete it. Do not click on any of the hyperlinks included in the email. This link will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

Apr 30th, 2020 – Fake Xero billing notification

We’ve had reports of people receiving fake Xero Billing Notification emails.

The subject of the email is ‘Your Xero subscription Invoice on 4/29/20’ which is being sent from the email address subscription.notifications@post.xero.com.

Please be aware that the sender has spoofed our domain and these emails were not sent by us.

Here’s an example of the email:

If you’ve received one of these emails you should report it as phishing and delete it. Do not click on any of the hyperlinks included in the email. The links will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

Apr 30th, 2020 – Fake Invoice phishing variant

We’ve had reports of people receiving a new version of the fake invoice phishing email.

The sending address of the email is ‘te-maos@email-aql.com’ with a subject of ‘Invoice form Keller Ltd 04-28-20 and an invoice amount of £1,500.00. Please note that the invoice number may be different from the example provided.

Please be aware that this email address is not a sending address used by Xero nor was it sent by Keller Ltd.

Here is an example of the email:

If you’ve received one of these emails you should report it as phishing and delete it. Do not click on any of the hyperlinks included in the email. The links will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

March 27th, 2020 – Fake invoice reminder phishing variant

We’ve had reports of people receiving a fake invoice reminder email.

The sending address used is using spoofed address of Xero employees ‘<firstname.lastname@xero.com>’ with a subject of ‘Xero’ with an attachment of “Xero.html.html“.

Please be aware that this email is not a legitimate Xero employee.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the hyperlink included in the email. This link will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

______________________________________________________________________________________________________________________________________

Feb 12th, 2020 – Fake invoice reminder phishing variant

We’ve had reports of people receiving a fake invoice reminder email.

The sending address used is ‘Xero Bill <beautytherapy@facefacts.co.nz>’ with a subject of ‘Your xero invoice XXXXX available now’ and an invoice amount of $513.75. Please note that the invoice number may be different from the example provided.

Please be aware that this email address is not a sending address used by Xero nor was it sent by NJW Limited. 

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the hyperlink included in the email. This link will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Dec 4th, 2019 – Fake invoice reminder phishing variant

We’ve had reports of people receiving a fake invoice reminder email.

The sending address used is ‘secretary@pukekoheafc.com’ with a subject of ‘Your xero invoice XXXXX available now’ and an invoice amount of $313.75. Please note that the invoice number may be different from the example provided.

Please be aware that this email address is not a sending address used by Xero nor was it sent by NJW Limited. 

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the hyperlink included in the email. This link will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Oct 7th, 2019 – Fake invoice phishing variant

We’ve had reports of people receiving a fake invoice phishing email similar to our post in August.

The email has a subject of ‘Invoice 5066 from S-link Ltd’ with an invoice amount of £2,191.32 and is being sent from the email address: post.xeroinvoices@billso2.com

Please be aware that this email address is not a sending address used by Xero nor was it sent by S-link Ltd.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View invoice” links as they’re likely to redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Sep 6th, 2019 – Fake Remittance Issue Email

We’ve had reports of people receiving fake remittance issue emails.

The email is being sent from the email address “stantchev@hotmail.com” and has a subject of ‘Remittance/Billing Issue’.

Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us.

If you have received this email, you should report it as phishing and delete it. Do not click on the “Review/Download” link. This link will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Aug 30th, 2019 – Fake invoice phishing variant

We’ve had reports of people receiving a fake invoice phishing email similar to our post in June.

The email has a subject of ‘Invoice INV-XXXX from XXXXXX Pty Ltd’ and is being sent from a range of email addresses including (but not limited to) the ones below:

  • cymonekves@gmx.com
  • mariah7a43sh@gmx.com
  • camilanpb@gmx.com

The invoice number, amount and business names may vary in an attempt to make the invoice more convincing. Some of the business names used may be legitimate businesses.

Please be aware that these emails were not sent by Xero nor were they sent from the business names included.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View invoice” link as it’s likely to redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Aug 29th, 2019 – Fake Xero billing notification

We’ve had reports of people receiving fake Xero Billing Notification emails similar to our previous post in late July.

The email has a subject of ‘ INV-9459905’ and is being sent from the email address: “lou@tax1394.com”.

Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the hyperlink included in the email. This link will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

August 22nd, 2019 – Fake payment confirmation phishing variant

We’ve had reports of people receiving fake payment confirmation emails.

The sending email address used is “accounts@xero.design with a subject of ‘Invoice INV 19742 – Paid’. 

Please be aware that this email address is not a sending address used by Xero and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email you should report it as phishing and delete it. Do not click on the invoice link. The link in this phishing email will redirect you to malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

August 22nd, 2019 – Fake Xero scanned document email

We’ve had reports of people receiving a malicious email advising them that they have received a “scanned document from Xero”.

The email has a subject of ‘Xero scanned 3pages document arrive on Thursday, August 15, 2019’ (date may vary) and is being sent from a range of email addresses including (but not limited to) the ones below:

2341Xero_Scanner43fgjghdhre3321@checkwinnn.com
7866tyghjnmjhgtfcvbhvbjhjgduywksmbkhdgv@huawiei.com
37KP8H0SEQDSCA3ZFZT3@checkwinnn.com
808765sfghjkmsklasnouncoehans@huawiei.com

Please be aware that these emails were not sent by us.

Here is an example of one of these malicious emails:

If you have received this email, you should report it as phishing and delete it. Do not click on any of the links in the email. These links will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jul 19th, 2019 – Fake Xero billing notification

We’ve had reports of people receiving fake Xero Billing Notification emails.

The email has a subject of ‘ Xero subscription invoice’ and is being sent from the email address: “No-reply@xero-billing-notifications-1.org”.

Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on any of the hyperlinks included in the email. These links will redirect you to a malicious website prompting a call back.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jun 28th, 2019 – Fake invoice phishing variant

We’ve had reports of people receiving a fake invoice phishing email similar to our post in late May.

The email has a subject of ‘Invoice 05596 from Wislox Group’ with an invoice amount of £572.00 and is being sent from the email address: account@wislox.co.uk

Please be aware that this email address is not a sending address used by Xero nor was it sent by Wislox Ltd.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View invoice” or “unsubscribe” links as they’re likely to redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

May 29th, 2019 – Fake overdue invoice reminder email

We’ve had reports of people receiving a new version of a fake overdue invoice reminder email.

The email has a subject of ‘Reminder Overdue Invoice – INV-XXXX from PDJ Imports Ltd’ with an invoice amount of $1255.95. These emails are being sent from a wide range of individual and business email addresses, as well as with different invoice numbers.

Please be aware that these email addresses are not sending addresses used by Xero nor were they sent by PDJ Imports Ltd.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View invoice” link. The link in the phishing email will redirect you to a malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

May 24th, 2019 – Fake overdue invoice reminder email

We’ve had reports of people receiving a new version of the fake overdue invoice reminder email.

The email has a subject of ‘Tax Invoice INV0012881 [Overdue]’ and is sent from the email address ‘invoice@xero.com’.

Please be aware that the sender has spoofed our domain and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the attachment. This phishing email contains a malicious attachment possibly malware.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

May 17th, 2019 – Fake overdue invoice reminder email

We’ve had reports of people receiving a new version of the fake overdue invoice reminder email.

The email has the subject ‘Reminder Overdue Invoice – INV-17062 Urban Clean Accounts’ with an invoice amount of $561.00. These emails are being sent from a wide range of individual and business email addresses.

Please be aware that these email addresses are not sending addresses used by Xero nor was it sent by Urban Clean Accounts.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View invoice” link. The link in the phishing email will redirect you to a malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Apr 23rd, 2019 – Fake payment receipt emails

We’ve received reports of people receiving fake payment receipt emails.

The email has a subject of ‘Invoice Paid’ and is being sent from either noreply@xero.com or no.reply@xero.com email address.

Please be aware that the malicious actor has spoofed a domain used by Xero, and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “View Payment Receipt” link. The link in this phishing email will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Apr 11th, 2019 – Fake invoice reminder phishing variant

We’ve had reports of people receiving another version of a fake invoice reminder email.

The subject is ‘Invoice INV-XXXX from Eeve Pty Ltd and appears to be sent from a wide range of individual and business email addresses. Please note that the invoice number and amount may be different from the example provided.

Please be aware that this email address is not a sending address used by Xero nor was it sent by Eeve Pty Ltd. The criminal sending the email has exploited the names of legitimate businesses in an attempt to make their email more convincing.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the link to view your bill. The link in this phishing email will redirect you to a malicious website and prompt you to download a malicious file.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Apr 8th, 2019 – Fake confirm your Xero email address

We’ve received reports of people receiving fake email confirmation emails.

The email has a subject of ‘Confirm your Xero email address’ and is sent from the email address: “noreply@xeronetwork.co.uk”

Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Yes, it’s me – let’s get started” link. The link in this phishing email will redirect you to a malicious website with the intent of stealing your Xero username and password.

Additionally, do not click on the support.xero.com or unsubscribe links embedded within the same email. These links also redirect you to the malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Apr 4th, 2019 – Fake Xero billing notification

We’ve had new reports of people receiving a variant of the fake Xero Billing Notification emails posted earlier this week.

This time, the email has a subject of ‘XERO: Your Monthly Review’ and is being sent from the email address: “lisa@blaxlandlaw.com.au”.

Please be aware that these emails were not sent by us nor were they sent by Lisa Munro.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the link to review invoice. The link in this phishing email will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Apr 1st, 2019 – Fake Xero billing notification

We’ve had reports of people receiving fake Xero Billing Notification emails similar to our post in late February.

This time, the email has a subject of ‘Your Xero Invoice’ and is being sent from the sending address “subscription.notifications@xero.com”. The invoice numbers used may vary in an attempt to make the invoice more convincing.

Please be aware that the sender has spoofed our domain and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the link to view your bill. The link in this phishing email will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Mar 19th, 2019 – Fake Invoice Remittance Advice Email

We’ve had reports of people receiving fake remittance advice emails.

The sending address used is “no-reply@post.xero.com” and the email has a subject of ‘Remittance Advise 18/03/19’.

Please be aware that the sender has spoofed our domain and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Download Attachments” link. The link in this phishing email will prompt you to enter credentials to view the file.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Feb 26th, 2019 – Fake Xero billing notification

We’ve had reports of people receiving fake Xero Billing Notification emails similar to our post last month.

The email this time has a subject of ‘Your latest Xero subscription invoice’ and is being sent from a wide range of individual and business email addresses. The invoice numbers used may vary in an attempt to make the invoice more convincing.

Please be aware that these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the link to view your bill. The link in this phishing email will redirect you to a malicious website.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Feb 25th, 2019 – Fake Invoice phishing variant

We’ve had reports today of people receiving a new version of the fake invoice reminder phishing email.

The email subject used this time is ‘February Invoice INV-*** from West Coast Online’ and is being sent from a wide range of individual and business email addresses.

The invoice number, amount and business names may vary in an attempt to make the invoice more convincing. Some of the business names used may be legitimate businesses.

Please be aware that these emails were not sent by us nor were they sent by West Coast Online.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the ‘View invoice’ link. The link in this phishing email will redirect you to a malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Feb 2nd, 2019 – Fake Xero Two-Step Authentication (2SA) confirmation email

We’ve received reports of people receiving fake Xero Two-Step Authentication (2SA) confirmation emails.

The email has a subject of ‘Xero Two-Step Authentication (2SA)’ and is sent from the following email address: support@verificationl.ink

Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Yes, it’s me – Confirm 2SA” link. The link in this phishing email will redirect you to a malicious website with the intent of stealing your Xero username and password.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jan 22nd, 2019 – Invoice remittance advice phishing email

We’ve had reports of people receiving fake remittance advice emails.

The email has a subject of ‘Remittance for INV-2018808 from MELBOURNE ACCOUNTING SOLUTIONS PTY LTD’ with an invoice amount of $13,320.00 and is being sent from the email address: kazuhattly@c08.itscom.net

Please be aware that this email address is not a sending address used by Xero nor was it sent by Melbourne Accounting Solutions Pty Ltd.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the View remittance links or the “Download PDF” link. The links in this phishing email will redirect you to a malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jan 8th, 2019 – Fake GDPR confirmation email

We’ve had new reports of people receiving fake GDPR confirmation emails similar to our post on Jan 2nd.

This time,the email has a subject of ‘Confirm your email address’ and is sent from email address: ‘postmaster@boulevardselfdrive.co.uk’.

Please be aware that the email address listed above is not a sending address nor domain used by Xero, and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Yes,it’s me – let’s get started” link as it’s likely to redirect you to a malicious website with the intent of stealing your Xero username and password.

Additionally, do not click on the support@xero.com link that’s embedded within the same email. The mailto link redirects you to: ‘support@xero.co’ which is not an email address not associated with Xero.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jan 4th, 2019 – Fake Xero billing notification

We’ve had reports of people receiving another version of fake Xero Billing Notification emails.

So far, we’ve seen this email sent with a subject of  either ‘INV-3259762’, ‘INV-5249862’ or ‘Remittance Advice Notificationfrom multiple business email addresses.

Please be aware that these are not sending addresses nor domains used by Xero, and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the link to view your bill. The link in this phishing email will redirect you to a malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jan 3rd, 2019 – Fake Xero billing notification

We’ve had reports of people receiving fake Xero Billing Notification emails similar to our post in December.

The email has a subject of ‘Xero subscription invoice’ and is being sent from a wide range of individual and business email addresses. The invoice numbers used may vary in an attempt to make the invoice more convincing.

Please be aware that these are not sending addresses nor domains used by Xero, and these emails were not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on the link to view your bill. The link in this phishing email will redirect you to a malicious website.  

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________

Jan 2nd, 2019 – Fake GDPR confirmation email

We’ve had reports of people receiving fake GDPR confirmation emails.

The email has a subject of ‘GDPR Subscriber Alert’ and is sent from email address: ‘support@pjksolutions.com’.

Please be aware that the email address listed above is not a sending address nor domain used by Xero, and these emails were not sent by us.

Here is an example of an email we’ve received:

If you have received this email, you should report it as phishing and delete it. Do not click on the “Yes,it’s me – let’s get started” or “unsubscribe” links as they’re likely to redirect you to a malicious website with the intent of stealing your Xero username and password.

Additionally, do not click on the support@xero.com link that’s embedded within the same email. The mailto link redirects you to: ‘support@xero.co’ which is not an email address associated with Xero.

If you’re an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account. You can find out more about 2SA here.

You can find more information on how to protect yourself from email phishing attacks here.

_________________________________________________________________________________________________________________________________________________________