Share this content

Fake Xero invoice e-mails

Received a fake Xero invoice e-mail linking through to a JavaScript attachment

Just a word of warning, at 12:22 I received a quite convincing fake Xero invoice e-mail for August from "Xero Billing Notifications".  The actual e-mail address used is [email protected] rather than the correct

I mistakenly clicked on the invoice link, which downloads a document called "Xero invoice", but which is really a JavaScript script.  Fortunately I didn't click to activate that.

Possibly a ransomware script, so be warned.


16th Aug 2017 15:20

I got one too.

The scammers have finally worked out that if they make it look like the real thing folks might be fooled.

Two key clues:

1. It is not addressed to you as the Xero ones are.
2. The domain is above is bogus.

Thanks (1)
16th Aug 2017 16:59

Same here and I was fooled but not enough to open the attachment - thank goodness!

Thanks (1)
16th Aug 2017 20:30

Be careful that the download itself hasn't triggered something.
I changed my email set up so that anything that isn't in my contact/safe sender list automatically goes to the Junk Folder. You can then block them or add them as required - also makes you think twice before opening them at all - and your virus software should have done its job by then.

Thanks (1)
By marks
16th Aug 2017 23:45

Had a client who received this as well. Lucky he asked me what it was as although he is on Xero we pay his monthly fee on our account so he doesnt receive an invoice.

He printed it out and showed me it and it did look very convincing at quick glance.

Obvious matter was the but I probably wouldnt have noticed it if it had been sent direct to me.

Thanks (1)
18th Aug 2017 20:23

I would recommend activating Two Step Authentication in Xero as a safeguard in the event of a password being compromised.

Gary Turner
Managing Director, Xero

Thanks (1)
to garyturner
21st Aug 2017 18:33

Gary, good suggestion, but for partners who by definition use Xero intensively, its a pain to have to 2 factor every time you login, especially with no "remember me" feature .... a bit like HMRC but they haven't made it mandatory, yet.

Thanks (0)
By craigt
24th Aug 2017 17:18

Xero does have a remember me for 30 days option when using 2SA. There is a note about fake emails on Xero's security notice board.

Thanks (0)
Share this content