Scam- Xero email?

Forums › Off topic › Scam- Xero email?

Batman

Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#233912 9-May-2018 11:03

So my closest relation with Xero is that I've heard of them.

Got an email saying bill is overdue, but predated.

Got a link with zero.com but opens in dropbox, phone wants to open with looper.

Thought I'd see if anyone got the same scam?

msukiwi

2443 posts

Uber Geek
+1 received by user: 2126

Lifetime subscriber

#2011558 9-May-2018 11:08

Yup got the same one!

Hopeless to contact Xero!

Headers say from xero.com via xtra business mail!

Benjip

977 posts

Ultimate Geek
+1 received by user: 524

ID Verified

#2011559 9-May-2018 11:11

When you say "an email saying bill is overdue", is it suggesting that you were billed by Xero themselves? Or is it from a business (but sent via Xero)?

If the former, I'd say it's a scam, if the latter then could it be someone you've done business with in the past?

Edit: sounds like a scam. See the Xero website for their scam advisories.

msukiwi

2443 posts

Uber Geek
+1 received by user: 2126

Lifetime subscriber

#2011562 9-May-2018 11:17

Finally found on Xero website:

Mar 29th, 2018 – Fake Invoice phishing variant

We’ve had reports of people receiving a new version of the fake invoice reminder phishing email, similar to those we reported in February this year.

This time, the sending address of the email is invoice@xero.com with a subject of ‘Your xero invoice available now’.

Please be aware that invoice@xero.com is not a sending address used by Xero, and this email was not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on any links or attachments. The online bill link and PDF attachment in this phishing email will prompt you to download a malicious file, possibly ransomware. You can check the destination URL on a link by hovering your mouse over the link (DON’T CLICK) to see the actual destination URL. This will be displayed at the bottom of your browser window.

Behodar

11089 posts

Uber Geek
+1 received by user: 6069

Trusted

Lifetime subscriber

#2011566 9-May-2018 11:20

Batman: Got a link with zero.com

Does it really say zero.com or is that a typo?

Batman

Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#2011572 9-May-2018 11:23

It's the exact email shown in previous post.

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#2011682 9-May-2018 13:06

Yup got one just now as well......

XPD / Gavin

LinkTree

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

CYaBro

4708 posts

Uber Geek
+1 received by user: 1182

ID Verified

Trusted

#2012686 9-May-2018 13:44

Customer had a different one today.

It all looked legit, the link to the Xero invoice did in fact open the invoice on Xero's system, and the PDF was attached to the email as well.

Except the invoice was blank except for the companies name and GST number.

It was from some health company in Auckland that the customer had never heard of.

Opinions are my own and not the views of my employer.

Taubin

592 posts

Ultimate Geek
+1 received by user: 243

ID Verified

Subscriber

#2012687 9-May-2018 13:45

My wife has been receiving quite a few of these at her workplace. She does a lot of legit work through Xero, and nearly got caught out the first time. She's since started looking at the link when hovering over it to make sure it actually goes to Xero.

ZL2TOY/ZL1DMP

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2012699 9-May-2018 14:06

Just remember pdfs can drop malware on open via macros...

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2023956 28-May-2018 14:03

That is why I prefer basic text invoices in the email. But it seems common practice for emails to be sent as PDFs. So I always just view them on the ipad.

Batman

Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#2023991 28-May-2018 15:15

Got a spark invoice too the other day!