Scam- Xero email?

Forums › Off topic › Scam- Xero email?

Batman

Mad Scientist
29713 posts

Uber Geek

Trusted

Lifetime subscriber

#233912 9-May-2018 11:03

So my closest relation with Xero is that I've heard of them.

Got an email saying bill is overdue, but predated.

Got a link with zero.com but opens in dropbox, phone wants to open with looper.

Thought I'd see if anyone got the same scam?

msukiwi

2412 posts

Uber Geek

Lifetime subscriber

#2011558 9-May-2018 11:08

Yup got the same one!

Hopeless to contact Xero!

Headers say from xero.com via xtra business mail!

Tradepub

Free professional, reference and technical white papers (affiliate link).

Benjip

941 posts

Ultimate Geek

ID Verified

#2011559 9-May-2018 11:11

When you say "an email saying bill is overdue", is it suggesting that you were billed by Xero themselves? Or is it from a business (but sent via Xero)?

If the former, I'd say it's a scam, if the latter then could it be someone you've done business with in the past?

Edit: sounds like a scam. See the Xero website for their scam advisories.

msukiwi

2412 posts

Uber Geek

Lifetime subscriber

#2011562 9-May-2018 11:17

Finally found on Xero website:

Mar 29th, 2018 – Fake Invoice phishing variant

We’ve had reports of people receiving a new version of the fake invoice reminder phishing email, similar to those we reported in February this year.

This time, the sending address of the email is invoice@xero.com with a subject of ‘Your xero invoice available now’.

Please be aware that invoice@xero.com is not a sending address used by Xero, and this email was not sent by us.

Here is an example of the email:

If you have received this email, you should report it as phishing and delete it. Do not click on any links or attachments. The online bill link and PDF attachment in this phishing email will prompt you to download a malicious file, possibly ransomware. You can check the destination URL on a link by hovering your mouse over the link (DON’T CLICK) to see the actual destination URL. This will be displayed at the bottom of your browser window.

Behodar

10413 posts

Uber Geek

Trusted

Lifetime subscriber

#2011566 9-May-2018 11:20

Batman: Got a link with zero.com

Does it really say zero.com or is that a typo?

Batman

Mad Scientist
29713 posts

Uber Geek

Trusted

Lifetime subscriber

#2011572 9-May-2018 11:23

It's the exact email shown in previous post.

xpd

Geek @ Coastguard NZ
13718 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#2011682 9-May-2018 13:06

Yup got one just now as well......

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree - kiwiblast.co.nz - Lego and more

Support Kiwi music! The People Black Smoke Trigger Like A Storm Devilskin

NZ GEEKS Discord______________________________

CYaBro

4560 posts

Uber Geek

ID Verified

Trusted

#2012686 9-May-2018 13:44

Customer had a different one today.

It all looked legit, the link to the Xero invoice did in fact open the invoice on Xero's system, and the PDF was attached to the email as well.

Except the invoice was blank except for the companies name and GST number.

It was from some health company in Auckland that the customer had never heard of.

Opinions are my own and not the views of my employer.

Taubin

557 posts

Ultimate Geek

ID Verified

Subscriber

#2012687 9-May-2018 13:45

My wife has been receiving quite a few of these at her workplace. She does a lot of legit work through Xero, and nearly got caught out the first time. She's since started looking at the link when hovering over it to make sure it actually goes to Xero.

ZL2TOY/ZL1DMP

Oblivian

7284 posts

Uber Geek

ID Verified

#2012699 9-May-2018 14:06

Just remember pdfs can drop malware on open via macros...

mattwnz

20096 posts

Uber Geek

#2023956 28-May-2018 14:03

That is why I prefer basic text invoices in the email. But it seems common practice for emails to be sent as PDFs. So I always just view them on the ipad.

Batman

Mad Scientist
29713 posts

Uber Geek

Trusted

Lifetime subscriber

#2023991 28-May-2018 15:15

Got a spark invoice too the other day!