We have become aware of a cyber-attack involving a scam attempt to redirect a legitimate invoice payment into a different bank account number by impersonating one of our staff members on email.
The attacker has registered a new domain name, closely resembling our own: “windowsdoorsau.com” and impersonated our staff on email, replacing all the recipient’s email addresses except the target. All replies were going to the attacker. Our staff member’s email signature and details were used in the reply to request payment.
Please note: Invoices sent from Xero are correct and have not been compromised. Our bank account; Online Payment (Credit Card) and BPAY details have not either. We would not issue a change by email if we were to change it.
If you have further concerns, please contact us through our support system.