We all know that we need to be careful about opening email attachments from people when we are not expecting them, but one our clients recently received an invoice via XERO to XERO asking for payment. This was very unusual as the client had not purchased anything from the supplier.

We went to Xero and asked them about this instance and the reply from Xero is below

“We’ve taken a look at the email your client received and we’ve found that a malicious user had created a Xero account for the purpose of sending spam emails. Our security team are aware of this and have taken steps to prevent this from happening again, however if you or your clients do receive any further requests like this please let us know.

Please ask your clients not to click on any links contained in the suspect email and to delete the email. If they have clicked on the links, we recommend they take the following steps:

Check there’s no malware on your computer or any other devices you use.
Make sure your anti-malware (anti-virus, anti-spyware) software is up to date, then run a full scan on your computer.
Change the password for your email and other online accounts – to keep yourself safe online, don’t share your password with anyone.
Enable multi-factor authentication (MFA) on your email and other online accounts – using MFA significantly reduces the risk of unauthorised access to your email or other online accounts, even if your password is compromised.”

Unfortunately there are more instances of ‘malicious users’ across all the online platforms (email, internet, etc) and it pays to be diligent and aware. Please don’t click on attachments if you are not sure who they are from or if you were not expecting them.

If you do receive any suspicious invoices through your Xero platform, please do let us know straight away.

July 2024

Cyber Security - an ongoing reminder

Stephen Grey and Andrew Bayly

2024 Budget - Tax Changes