Editor | 23 October 2015

Xero Password Phishing Warning

Xero have issued a warning that their customers are being targeted by a phishing email designed to try and obtain customers Xero log in details. This would then give unscrupulous 3rd parties access to your confidential financial data.

Phishing emails are emails designed to look like they come from your bank, eBay/PayPal account or other related party. The aim is that they ask you to log in and therefore obtain your details from an unconnected site made to look like their own.

Phishing emails can usually be spotted by the fact the email address they come from aren’t from xero.com (although they can have those words in them they won’t end in xero.com).

The links they point to won’t take you to xero.com but one that looks similar.

Often your anti-virus software will warn of known phishing scams by taking them to junk email.

The key is never to log on to Xero through a link sent to your email. Always go to the xero.com homepage via your browser and log on as normal. If there is an important message from Xero it will show there.

If in doubt change your log in password. Although it is hard to remember your passwords for various sites it is important that they do vary. Advice is that they should contain 2 unconnected words and at least one character, one number and one upper and lower case letter.

The complete email from www.xero.com is below:

Important information – password reset

As we mentioned in our recent email we have seen an increase in phishing scams, including some that have impersonated Xero’s branding. Our monitoring has shown that a small number of our customers have had their Xero accounts compromised. As a precaution we are asking our customers to reset their passwords.

Before you reset your password

We strongly recommend that you update your anti-malware (anti-virus) software with the latest signatures and run a full scan of your computer before you reset your password. Please do this on all computers you use to access Xero.

You should always maintain your operating system and applications by keeping them up to date with security patches.

Resetting your password

Over the next few days, when you login to Xero you’ll be asked to change your password. If you’ve recently changed your password, we won’t ask you to change it again. If you would like to change your password now, the best way to do that is to follow the My Xero Password instructions in our Xero Business Help Centre.

We recommend using a different password for Xero than for other applications you access and turning off your password auto save. For more password and security advice, have a read of our Cloud Security Small Business Guide. If you've got any questions or would like to know more, take a look at our security page.

Xero takes security very seriously. If we were to ever identify any malicious activity in relation to your account we would notify you immediately. If you notice something suspicious in your account, please contact us at phishing@xero.com.


The Xero Team