Start using Xero for free Sign up now

You're on our website.

Staying safe online

Author Profile Picture

Beeny Atherton

Sep 26, 2016

Over this past week, the finance and tech industry has seen a surge in phishing scams. In our own accounting software industry we’re seeing it in the form of fake invoice emails, delivering malware to inboxes.

Xero takes security very seriously. Protecting our customers’ security is fundamental to our business. So we want to provide you with a timely reminder about how to protect yourself and your business online, particularly when it comes to opening emails and their links and attachments.

This recent scam looks similar to legit invoice emails coming from users of Xero. There is just is a single character difference in the ‘from’ address –, which is similar to Xero’s legit invoices from

The links in these emails take you to a malicious webpage which automatically downloads malware onto your computer.  You can check the actual destination of a link before you click on it by hovering your mouse over the link (BUT DON’T CLICK).  The actual destination URL will be displayed at the bottom of your browser window.  In the case of these latest phishing emails, the actual link is very different to the URL displayed.

What can I do to protect myself?

It is crucial for all Xero users to ensure you update their anti-malware (anti-virus, anti-spyware) software, and make sure that your operating system and software is up to date with the latest security patches.

Don’t be too quick to click on a link.  Take the time to check where the link will actually take you.  Check our Security Noticeboard for details of the latest scams and security issues affecting the Xero community.  If you’re at all suspicious, you can forward the email to and we’ll check it out for you.

Staying safe online

As well as taking the above measures to protect your business from phishing, we recommend you use strong passwords, and practice good password hygiene (don’t share passwords between people or services), at all times.  You should also use two-step authentication (2SA, 2FA or MFA) wherever it’s available as an additional layer of security.  We strongly encourage all Xero users to use our 2SA feature. Having two-step authentication enabled significantly reduces the risk of unauthorised access to your account as the attacker can only get the ‘something you know’, not the ‘something you possess’, so they can’t log in. This better protects our customers from fraud and damage to their business.

Our team is continuously looking for patterns of malicious activity and will notify users when we believe there to be a problem – much like when your bank contacts you if they believe your card has been used fraudulently.  You can also use your Xero dashboard to check when you last logged in, and the location of those logins, including IP address. If you don’t recognise the location or date of the last login, please contact customer support:


When you click on the link you can see when and where you last logged into Xero.


You can find more information on the Security Noticeboard.



Share this article


Start using Xero for free

Find out why 3.95 million subscribers locally and across the world trust Xero with their numbers.

Try Xero for free

Related articles: