Menu
Scamwatch round-up – Xero and One Drive

Scamwatch round-up – Xero and One Drive

The phishing scams targeting Australians this week

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, Xero and Microsoft's One Drive had their brands used by cyber criminals in order to deliver malware to Australians' computers.

Xero put out a notice on its website about a phishing scam hiding behind a fake Xero invoice.

The accounting software vendor warned users of reports of a new version of a fake invoice reminder, which appeared to heve been sent from different email addresses.

"A genuine Xero email will always come from a xero.com domain or sub-domain address," the vendor informed.

Xero also advised recipients not to click on the "view invoice link" informing that by doing so, recipients would be downloading a malicious file.

The vendor's brand is often used in similar scams like the ones reported in January, February, March and May 2018.

According to Mimecast the link in this phishing scam appears to download a banking trojan via a Traffic Distribution System which attackers use as a drive-by attack as a service, helping them avoid detection by researchers and security tools. It has been marketed on the dark web since late last year.  

Late last week, email filtering company Mailguard reported a fake One Drive email had been identified.

The email contained a link that directed recipients to a fake Office 365 website with the intent to collect the recipient login information.

Scamwatch, the Australian Competition and Consumer Commission arm aimed at providing information to consumers and small businesses on scams, has received 8,771 phishing scams reports in 2018. A total of $230,000 has been lost in those scams.

Phishing scams statistics - Scamwatch
Phishing scams statistics - Scamwatch


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags phishingxeroscamOne Drive

Show Comments