Blog

Whilst on holiday recently I read the sad story of the owners of the Ruru childcare centre who were the victims of an invoicing scam.  Reviewing the circumstances that allowed the fraudsters to commit this crime I realised that it really could happen to any of us.  After all, the perpetrator had simply accessed an email account, intercepted an invoice, doctored the payment details and resent it.   

Email account hacking happens all the time.  I’m sure we all know someone who has been caught out and had their account abused, often sending lots of bogus emails to all and sundry.  With that in mind it’s easy to see how a hacker could intercept bills; all that is required is some creativity and a purpose. 

We all use emails to send invoices these days and so the opportunities arising out there for hackers are enormous.   

However, there is a seldom-used feature within Xero business subscriptions which allow the invoices to be passed between Xero accounts and thereby avoid being intercepted through email.  All the customer then has to do is code up the invoice from their draft bills and make payment according to the instructions in the Xero invoice. 

Although our bills are rarely large and so the risks minimal, we still recognise that the fix is so simple as to make it worthwhile implementing.  For those of you out there who receive more significant bills the value in this fix will be greater – it should mitigate the risk of being scammed in this manner and may save you some admin time too.   

If you’re interested in finding out more then follow this link to some overview and instructions on the Xero to Xero network and sending your network key.