Be on the lookout for fake Xero billing notifications
There have been several reports of people receiving fake Xero Billing Notification Emails, which claim to be from Xero or make use of Xero’s logo within the emails.
Phishing emails are a favoured way for cybercriminals to gain access to your sensitive information, such as your usernames and passwords, credit card details, bank account numbers, etc. These kinds of emails may look as if they come from a trustworthy source, but will attempt to trick you into:
- Clicking on a link that will infect your computer with malicious software
- Following a link to a fake (but convincing) website that will steal your login details
- Opening an attachment that will infect your computer
Follow our four simple steps below to avoid being a victim of phishing:
Step 1: Don’t click on any links or attachments contained within the email
These links and attachments can lead to viruses or lead a victim to a hacking attack.
Step 2: Check to see if it is a genuine email
Did the email come from ‘@xero.com’ email addresses or a trusted email domain? Were you expecting the email?
Step 3: Check Organisational Websites
Most large corporations and government departments have dedicated pages on their websites which you can check for known scams. These pages are immediately updated once they become aware of new scams. Here are some resources you can refer to:
Step 4: Contact Carrick Aland
If you are still unsure, you can call our office on 07 4669 9800 or forward the email to us where we will be able to assist in verifying the legitimacy of the email. Additionally, if you are an existing Xero user, we recommend enabling Two-Step Authentication (2SA) as another layer of protection for your account.