Scam- Xero email?

Forums › Off topic › Scam- Xero email?

Batman

Mad Scientist
22590 posts

Uber Geek

Trusted

Lifetime subscriber

#233912 9-May-2018 11:03

So my closest relation with Xero is that I've heard of them.

Got an email saying bill is overdue, but predated.

Got a link with zero.com but opens in dropbox, phone wants to open with looper.

Thought I'd see if anyone got the same scam?

Involuntary autocorrect in operation on mobile device. Apologies in advance.

msukiwi

934 posts

Ultimate Geek

Lifetime subscriber

#2011558 9-May-2018 11:08

Yup got the same one!

Hopeless to contact Xero!

Headers say from xero.com via xtra business mail!

Benjip

722 posts

Ultimate Geek

Subscriber

#2011559 9-May-2018 11:11

When you say "an email saying bill is overdue", is it suggesting that you were billed by Xero themselves? Or is it from a business (but sent via Xero)?

If the former, I'd say it's a scam, if the latter then could it be someone you've done business with in the past?

Edit: sounds like a scam. See the Xero website for their scam advisories.

msukiwi

934 posts

Ultimate Geek

Lifetime subscriber

#2011562 9-May-2018 11:17

Finally found on Xero website:

Mar 29th, 2018 – Fake Invoice phishing variant

We’ve had reports of people receiving a new version of the fake invoice reminder phishing email, similar to those we reported in February this year.

This time, the sending address of the email is invoice@xero.com with a subject of ‘Your xero invoice available now’.

Please be aware that invoice@xero.com is not a sending address used by Xero, and this email was not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on any links or attachments. The online bill link and PDF attachment in this phishing email will prompt you to download a malicious file, possibly ransomware. You can check the destination URL on a link by hovering your mouse over the link (DON’T CLICK) to see the actual destination URL. This will be displayed at the bottom of your browser window.

Behodar

7065 posts

Uber Geek

Trusted

Lifetime subscriber

#2011566 9-May-2018 11:20

Batman: Got a link with zero.com

Does it really say zero.com or is that a typo?

Batman

Mad Scientist
22590 posts

Uber Geek

Trusted

Lifetime subscriber

#2011572 9-May-2018 11:23

It's the exact email shown in previous post.

Involuntary autocorrect in operation on mobile device. Apologies in advance.

xpd

Covid-19 Free
10647 posts

Uber Geek

Mod Emeritus

Trusted

Lifetime subscriber

#2011682 9-May-2018 13:06

Yup got one just now as well......

XPD^ / DemiseNZ

Blog Free Games Twitter

My TradeMe Goodies

Disclaimer - It wasn't me, the dog ate my keyboard, my account was hacked, I was drunk, ALIENS.

CYaBro

3311 posts

Uber Geek

#2012686 9-May-2018 13:44

Customer had a different one today.

It all looked legit, the link to the Xero invoice did in fact open the invoice on Xero's system, and the PDF was attached to the email as well.

Except the invoice was blank except for the companies name and GST number.

It was from some health company in Auckland that the customer had never heard of.

Taubin

481 posts

Ultimate Geek

Subscriber

#2012687 9-May-2018 13:45

My wife has been receiving quite a few of these at her workplace. She does a lot of legit work through Xero, and nearly got caught out the first time. She's since started looking at the link when hovering over it to make sure it actually goes to Xero.

Oblivian

4046 posts

Uber Geek

#2012699 9-May-2018 14:06

Just remember pdfs can drop malware on open via macros...

mattwnz

16480 posts

Uber Geek

#2023956 28-May-2018 14:03

That is why I prefer basic text invoices in the email. But it seems common practice for emails to be sent as PDFs. So I always just view them on the ipad.

Batman

Mad Scientist
22590 posts

Uber Geek

Trusted

Lifetime subscriber

#2023991 28-May-2018 15:15

Got a spark invoice too the other day!

Involuntary autocorrect in operation on mobile device. Apologies in advance.