Remove Xero email scam and related malware

Explore the ins and outs of the email scam heavily targeting the customers of Xero, a major New Zealand based software vendor with offices around the globe.

Which vector of cybercrime yields better results for malefactors – malware attacks or frauds via social engineering? That’s a complicated question with no clear-cut answer. One thing can be stated for sure: scams don’t take as much effort to pull off. This is what makes the tactic such a lure for the black hats. In one of these large-scale campaigns, the crooks have been sending out numerous emails impersonating Xero, the company behind popular cloud-based accounting software used in more than 180 countries. The huge customer base, accustomed to receiving messages from the reputable service, is probably the top reason why this wave has gained so much traction. At this point, Australian users of the Xero SaaS (software as a service) platform are among the most frequently targeted ones.

Xero subscription invoice email scam

The most common type of the Xero email scam mimics a subscription invoice. The booby-trapped messages may contain one of the following phrases in the subject field: “Xero: Your Monthly Review”, “Your Xero Invoice”, or “Your latest Xero subscription invoice”. The body of the email claims that the latest invoice is attached and says the amount will be debited from the recipient’s credit card on or after a specific date. The text is complemented with a standard encouragement to contact the company if something isn’t clear or in case there is any change in the status. The main catch is that the allegedly “attached” invoice isn’t actually there. Instead, there is a hyperlink that, when clicked, forwards the victim to a website containing malware or one that tries to wheedle out sensitive information. Note that these phony messages may come from some random individual, for example Lisa Munro or James Logan, pretending to be a representative of the Xero billing team, or the sender can use a legit-looking email address, such as subscription.notifications@post.xero.com.

Fake remittance advice email impersonating Xero

One more widespread form of the Xero email hoaxes follows a remittance theme. In this scenario, the messages appear to have been sent by the “Accounts Department”, with the email address being no-reply@post.xero.com or similar. In many cases, the subject is misspelled and says “Remittance Advise” instead of “Remittance Advice”. This is one of the giveaways to look out for. Another red flag is that the email entices the victim to download the remittance breakdown spreadsheet using the OneDrive file hosting service. As opposed to that, genuine messages from Xero will usually contain a document attached to the email itself and won’t redirect users to another resource. One way or another, clicking the embedded link is a slippery slope, because it will lead to a page that asks the user to enter their Xero credentials to view the file.

Yet another variant of the scam tells the recipient to confirm two-step authentication (2SA) for their Xero account. As with the above-mentioned stratagems, the email tries to dupe the user into clicking a dangerous link. The link is camouflaged as a button saying, “Yes, it’s me – Confirm 2SA”. If the targeted Xero customer falls for the hoax and proceeds with the fake confirmation, they will end up on a bogus site disguised as a Xero account login page. Once again, this is how the criminals attempt to get hold of the victim’s credentials and take advantage of them in the worst way. If you have received one of these or similar scam emails mimicking Xero and clicked any links in them, it’s definitely a good idea to check your computer for viruses that may have infiltrated it as a result.
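The red flags described for the three variants above can be checked mechanically during mail triage. The following Python sketch is an added example, not code from Xero or from the original article; it assumes that genuine links stay on xero.com, and it deliberately ignores the From address because the article notes that the senders can look legitimate. The sample message and its link host are constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject phrases quoted in the article for the invoice variant.
SUBJECTS = ("xero: your monthly review", "your xero invoice",
            "your latest xero subscription invoice")
LINK_RE = re.compile(r'https?://[^\s"\'<>]+', re.I)

# Constructed sample (not a real message); the link host is a placeholder.
SAMPLE = """From: Accounts Department <no-reply@post.xero.com>
To: user@example.com
Subject: Remittance Advise
Content-Type: text/plain; charset=utf-8

The remittance breakdown is attached; download it here:
https://files.example.net/r/1
"""

def body_text(msg):
    """Concatenate every text/* part of the message."""
    return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")

def has_attachment(msg):
    """True if any MIME part carries a filename."""
    return any(p.get_filename() for p in msg.walk())

def xero_scam_indicators(raw):
    """Return the red flags from the article that appear in a raw email."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").lower()
    body = body_text(msg)
    hosts = {(urlparse(u).hostname or "").lower() for u in LINK_RE.findall(body)}
    # Assumption: only xero.com and its subdomains count as genuine link targets.
    offsite = sorted(h for h in hosts
                     if h != "xero.com" and not h.endswith(".xero.com"))
    flags = []
    if "remittance advise" in subject:
        flags.append("misspelled-subject")
    if any(s in subject for s in SUBJECTS):
        flags.append("known-lure-subject")  # triage signal only, not proof
    if re.search(r"\battach", body, re.I) and not has_attachment(msg):
        flags.append("claims-attachment-but-none")
    if offsite:
        flags.append("link-outside-xero.com:" + ",".join(offsite))
    if re.search(r"confirm 2sa", body, re.I) and offsite:
        flags.append("2sa-confirm-link-offsite")
    return flags
```

A subject match on its own is weak evidence, since the scam copies wording a genuine notice could also use; the missing attachment and the off-domain link carry more weight.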

Automated removal of malware related to the Xero email scam

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
