Xero warning following customer accounts 'compromised'

Xero says the fake emails were designed to look like they came from a bank, an eBay/PayPal account or other related party.


Xero customers are being asked to reset their passwords after a handful of accounts were "compromised".

In an email to customers on Thursday night, the company explained some customers had been sent fake emails, imitating Xero's branding, to trick people into revealing their logon details.

"As we mentioned in our recent email we have seen an increase in phishing scams, including some that have impersonated Xero's branding.

"Our monitoring has shown that a small number of our customers have had their Xero accounts compromised," it said.

"As a precaution we are asking our customers to reset their passwords."

On Saturday, the company announced on its blog that it had been tracking a small number of incidents, where a "handful" of Xero usernames and passwords had been obtained.

"We recommend that Xero users update their anti-malware (anti-virus, anti-spyware), and change their passwords."

"Our team is continuously looking for patterns of malicious activity and will notify users when we believe there to be a problem – much like when your bank contacts you if they believe your card has been used fraudulently."

Xero chief executive Rod Drury could not say exactly how many customers had been directly affected, however he said it was in the "tens".

"It's only a very, very small number of people, but we are taking it very seriously."

He would not say if those customers had suffered any financial loss.

Most of the customers who were affected were based in Australia, Drury said.


"But it was prudent to warn all our customers and get them to change their passwords."

They were trying to encourage "password hygiene" and educate people about hackers, he said.

"We wanted to be proactive and get people to change their passwords.

"We are aware there is quite a lot of sophisticated fraud going on and it's not just us noticing this, other accounting software companies have noticed this too...we are all keeping a close eye on it."

Drury said they were working on implementing two-factor authentication to ensure their security was strong.

Two-factor security gives users the option to add a second layer of authentication beyond a password - often a code sent by text.

The company's advice to customers was never to log on to Xero through a link sent to their email.


* Incorrect spelling or grammar - legitimate organisations do not always get it 100 per cent right, but be suspicious of emails with basic errors.

* The actual linked URL is different from the one displayed - hover your mouse over any links in an email to see if the actual URL is different. Do not click on the link.

* The email asks for personal information that they should already have, or information that is not relevant to your business with them.

* Emails calling for urgent action. For example, "Your bank account will be closed if you don't respond right away". If you are not sure and want to check, then go directly to the bank's website via the URL you would normally use, or phone them. Do not click on the link in the email.

* The email says you've won a competition you didn't enter, have a parcel waiting that you didn't order, or promises huge rewards for your help. On the internet, if it sounds too good to be true then it probably isn't true.

* There are changes to how information is usually presented, for example an email is addressed to "Dear Sirs" or "Hello" instead of to you by name, the sending email address looks different or complex, or the content is not what you would usually expect.

 - Stuff
