Keeping you safe online is very important to Xero. We’re aware of the increasing number of phishing scams that are targeting the customers of banks and other large companies.

A phishing scam is when malicious emails target customers by pretending to be from a legitimate company such as Xero, using an email address like message-service@post.xero.com. They’re not targeting the company websites, but rather your login and access details. As online fraud continues to grow, we’ve put together some advice so you can stay safe online. Read more on our blog.

We’re aware of a phishing scam that’;s targeting Xero customers. Xero has not been compromised in any way, and your important data is still safe with us – your security is paramount. Since being made aware of these emails we’ve been working with our phishing protection service to analyse the phishing campaign and take down the websites used.

Recent phishing emails (emails that did not come from Xero) had subject lines like:

Subject: Credit Note CN-87151 from …

Subject: ACH Approval Letter

Subject: Invoice INV-…

Emails like this contain malicious content such as viruses. If you’ve received one, don’t open it – and if you do open it, don’t click any links or attachments. Delete the email. If you’re ever concerned you’ve received a phishing email or one that pretends to come from Xero please forward it to:  phishing@xero.com.

If you’ve got any questions or would like to know more, read our latest blog on security.

Regards,

The Xero Team