Scamwatch round-up – Xero, Office 365, Xerox and eBay

Scamwatch round-up – Xero, Office 365, Xerox and eBay

This week, the Xero, Office 365, Xerox and eBay and Ezi Office Supplies brands were all hijacked in scam email campaigns

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, another fake Xero invoice was being sent to Australians' inboxes on 26 February. In this instance, the scam emails -- picked up by email filtering company, MailGuard -- were designed to look like an invoice notification from The Advocates Property Advisory.

According to MailGuard, the 'view invoice' link within the message directs recipients to download a Microsoft Word .doc file containing hidden malware.

Several fake Xero domains were created for this scam including xero-e . com, xeropages . com, xerosupply . com and xero-web . net. All had been registered in China a day before the emails had been sent.

"This sort of email scam is a technique used by cybercriminals to infect computer systems with trojans, spyware and ransomware," MailGuard wrote in a blog post. "Victims who unwittingly click through to the fake 'invoice' document and open it will activate hidden code in the file that will infect their computer without their knowledge."   

On the same day, a phishing scam portraying to be from Xerox and using a fake Microsoft Office 365 page has been detected.

The plain text message is supposedly a document sharing notification with a 'view document' link which then takes recipients to what it looks like an Office 365 log in page.

MailGuard believes the scam had the goal of harvesting recipients log in data when they tried to sign in on the fake page.

On 28 February, a fake eBay invoice was picked up in which the link contained in the email points to an archived file which contains JavaScript malware.

Scammers hide behind well-known brands in order to catch a larger number of unaware recipients. In order to make fake emails look as the real as possible, scammers will often try to use domain names that look like real company URLs.

"You can see in the screenshot of the message that the sending domain ‘’ looks quite convincing, but actually this domain was just registered yesterday in China, probably for the specific purpose of this scam," MailGuard wrote.

As at the time of writing, the most recent scam picked up by MailGuard was an email using the brand of Queensland retailer Ezi Office Supplies.

A 'view bill' link takes recipients to a zipped file on the actual Ezi Office Supplies website - eziofficesupplies. com. au - which contains JavaScript malware.

The email address from which the message has been sent uses the actual company domain name which suggests that Ezi Office Supplies could have been compromised.

On 20 Feb, Ezi Office Supplies went on social media to warn their customers that they had been having problems with their email system, according to MailGuard.

A post on the company’s Facebook feed stated: “If you have received an email from us - digitalenquiries please delete as it is…spam. Apologies if received already. Thank you.”

A reddit post of 21 February mentioned a scam using the Ezi Office Supplies' name, which suggests it had actually been happening for days.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarespammailguardscam

Show Comments