In recent days we have been made aware of several malicious software emails purporting to have come from online accounting/payment company Xero.com. These emails do not appear to be widespread amongst our customers. However, as the protection of your data is of the utmost importance to us, I thought it best to offer some insight and advise into the issue.
Xero have been subject to several phishing email scams. It is possible that scammers may have been able to access email addresses through Xero’s database or indeed through other means. However, please rest assured that there is currently NO evidence to suggest that our personal or accounting databases have been hacked in any way.
Because the safety of our your online activity is extremely important we have copied in a formal response from Xero.com with regards this matter:
We’re currently seeing a widespread campaign using the “firstname.lastname@example.org” email address, however this domain is not associated with Xero in any way.
The sender is impersonating, or “spoofing” our domain to make it look like their phishing email was sent by Xero.
Note that these emails are being sent to Xero customers and non-customers alike. The scammers have got hold of a list of emails from the internet and are targeting all of them. There has been no compromise of our customers’ information, and the scammers have no way of telling who might be a Xero customer or not.
Unfortunately, we can’t stop scammers from sending emails that contain Xero branding, and as you will have seen, the invoice link in the scam emails doesn’t link to Xero, but to a compromised site that is serving malware. We’re also in the process of getting this malware site taken down.
We recommend taking a look on our blog for information about how to recognise phishing emails. Our Security Noticeboard page has been updated with more details.
We recommend you bookmark the pages below to keep up to date with any further news.
All legitimate emails from Xero with regards to your Joe’s account or billing will always come from a Xero.com email address and always contain reference to Joe’s Lawn Care in the subject & body of the email.
If you are in any doubt as to the legitimacy of any emails then please do not click any links that they may contain. The most recent advise from Xero is that emails from a @post.xero.biz address should not be opened.
Any emails that you are unsure of should be reported to email@example.com
For any further information please visit the Xero security noticeboard here.
Joe’s Lawn Care Ltd