Thu Dec 14, 2017 7:25 pm
Don't pay the fake #Xero invoice. Email links to a compromised SharePoint site, hosting a JavaScript file executing a malicious trojan.
December 14th, 2017 – Fake Invoice phishing email
We’ve had reports of people receiving a new version of the fake invoice reminder phishing email, similar to those we reported in June, July, August and November. The sending address of the email is invoicereminders@post.xerostatic.com with a subject of ‘Bill INV-0906 from Enquip Pty Ltd is due soon’. The invoice amount in the email also varies.
Please be aware that invoicereminders@post.xerostatic.com is not a sending address nor a domain used by Xero, and this email was not sent by us. Nor was it sent by Enquip Pty Ltd. The criminal sending the email has exploited the name of this legitimate business to try to make their email more convincing.
If you have received this email, you should report it as phishing and delete it. Do not click on any links or attachments. The online bill link and PDF attachment in this phishing email will prompt you to download a malicious file, possibly ransomware.
Dear Client
Thanks for working with us. This is a gentle reminder that your bill for $286.88 is due on 18 Dec 2017.
If you've already paid it, thank you for your prompt payment we are sorry for bothering you and please ignore this email.
To view your bill visit https: / / in.xero.com/COvlbwFbVKzZrYjYHmKqmAPkhZddNUHYXjNTljUB
If you've got any questions, or want to arrange alternative payment don't hesitate to get in touch.
Thank you
Donna
Accounts & Administration
Enquip Pty Ltd
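
The two giveaways in this email (a sender domain that contains the brand name but is not under xero.com, and a link whose visible text shows in.xero.com while the href goes elsewhere) can be checked mechanically. The following is an added example, not part of the original notice or anything published by Xero; it assumes xero.com is the only trusted domain, and the sample message and its href host are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "xero.com"  # assumption: the only domain treated as belonging to Xero
BRAND = "xero"        # brand string a lookalike domain would embed

# Constructed sample modelled on the email above; the href host is a placeholder.
SAMPLE = """\
From: Enquip Pty Ltd <invoicereminders@post.xerostatic.com>
Subject: Bill INV-0906 from Enquip Pty Ltd is due soon
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>To view your bill visit
<a href="https://compromised-tenant.sharepoint.example/placeholder">https://in.xero.com/EXAMPLE</a></p>
"""

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check(raw):
    """Return a list of findings for one raw (non-multipart) HTML email."""
    msg = message_from_string(raw)
    findings = []
    # 1. Sender domain embeds the brand but is not under the trusted domain.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if BRAND in sender_host.lower() and not under(sender_host, TRUSTED):
        findings.append(f"lookalike sender domain: {sender_host}")
    # 2. Anchor text displays a trusted URL but the href points elsewhere.
    anchors = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                         msg.get_payload(), re.I | re.S)
    for href, text in anchors:
        shown = urlparse(text.strip()).hostname
        target = urlparse(href).hostname
        if shown and target and under(shown, TRUSTED) and not under(target, TRUSTED):
            findings.append(f"link shows {shown} but goes to {target}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```
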