Staying safe online is vital to both your personal and financial wellbeing. As a Xero Certified Advisor, Ganrid knows the exceptional ease and efficiency that online accounting offers. Yet we also know the pitfalls. That is why we work together with Xero to help you stay savvy about online risks to your financial health.

BLOG: Don’t be caught out by phishing scams

Phishing scams are a growing online risk. Customers of banks and of other large, reputable companies like Xero are the main groups being phished.

Phishing takes the form of malicious emails that masquerade as correspondence from a legitimate company. You will receive a message in your inbox from an email address like: message-service@post.xero.com. Subject lines may include:

Subject: Credit Note CN-87151 from ...

Subject: ACH Approval Letter

Subject: Invoice INV-...

Phishing does not target your company website. Rather, it is your Xero login and access details that the scam has in its sights.

Phishing is a very real risk. A phishing scam targeting Xero customers is already in circulation. Please rest assured though that Xero has not been compromised in any way and your critical data remains safe with Xero’s robust protection. In response to the phishing scam, Xero has now activated its phishing protection service to analyse the rogue campaign and take down the websites used in its support.

Three tips to avoid being caught in the phishing net

So how do you avoid being caught by a phishing campaign? Here are three quick tips to keep your critical online financial information safe and yourself out of the phishing ‘net’:

  1. Verify: Got an email prompting you to log in or send personal details? Stop. Always check that the sender email address matches all other correspondence you have had from the company in question. Do not go by email address alone. Look through the wording, branding and images contained within the email. Anything that is not an exact match with verified company correspondence is a red flag. Always double-check questionable emails with the sender company before you act on them.


  2. Leave that link alone: many phishing emails contain a login link that you are asked to follow. Never click on a link before thoroughly vetting it first. A simple look at the URL will usually be enough to alert you to anything untoward. Large companies and banks have secured websites so their URL says https rather than http. Where you see https in a URL this tells you that you are on a secure site. If you are still not sure, just leave the link out altogether and navigate to the login site through your own browser. That eliminates any risk or questions you may have regarding the authenticity of the link or site.


  3. Ask: sometimes the quickest way to put any phishing concerns to rest is to speak directly with the customer service team of the company in question. If you have been the target of a phishing campaign, your call could alert the company to an issue that may be affecting many customers. Xero has a dedicated email to deal specifically with potential phishing scams. Pop details of your concerns through to phishing@xero.com.
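The "look at the URL" check from tip 2 can be written down as a small script. This is an added example, not Xero's or Ganrid's own tooling: it checks the https scheme and also which site the link really leads to, because a lookalike address can carry https too. The trusted domain xero.com, the function name and every sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "xero.com"  # assumption: the domain you expect the login link to use

def vet_link(url, trusted=TRUSTED_DOMAIN):
    """Return the red flags found in an emailed link (empty list = none found)."""
    flags = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        flags.append("not-https")
    # Text before '@' is a username, not the site: the real host comes after it.
    if "@" in parts.netloc:
        flags.append("userinfo-in-link")
    if not host:
        flags.append("no-host")
        return flags
    # Encoded or non-ASCII labels can render as lookalike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        flags.append("lookalike-encoding")
    # The host must be the trusted domain itself or a subdomain of it.
    if host != trusted and not host.endswith("." + trusted):
        flags.append("wrong-domain")
    return flags

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://login.xero.com/",
    "http://login.xero.com/",
    "https://xero.com.account-check.example/login",
    "https://login.xero.com@account-check.example/",
    "https://xn--xero-abc.example/",
    "login.xero.com/identity",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:50} {vet_link(link) or 'no red flags'}")
```

An empty result only means none of these particular flags were raised; typing the login address into your own browser, as tip 2 advises, remains the safer route.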

Do you think you have been phished?

Phishing is a parasitic presence in the online financial sphere. But you can guard against this with vigilance and know-how. If you think you have been phished, log in and change your passwords immediately. Also be sure to contact the company that the phishing scam sought to target you through. You will need to let them know that your account may have been compromised so that they can take corrective action before any damage is done.