Data protection with two-step authentication

Angela Poole


April 30, 2022


Since the Facebook-Cambridge Analytica scandal, data protection has been at the forefront of everyone’s minds. However, despite the wake-up call, hackers are becoming more advanced in the way they manipulate and use our data.

Be Aware

We’ve recently been made aware of suspicious activity that may also be affecting you.

Clients were advised by one of their customers that they had received duplicate invoices from them. The original invoice was generated and emailed from Xero. Another was sent from a different email address with what seemed to be an identical invoice attached.

Further investigations revealed malware was present on their customer’s PC, resulting in invoices being intercepted and manipulated to show different bank account details. The rest of the invoice was untouched, making the manipulated invoice look like the legitimate one generated by Xero. See examples of the original and hacked invoices below.

[Image: Data Protection Xero Invoice (original)]

[Image: Data Protection Xero Invoice (hacked)]

Data Protection

Although this particular issue did not originate from Xero, we have been advising our clients to ensure all users have two-step authentication enabled on their Xero login. Two-step authentication is available to all Xero users and provides an additional layer of security for your Xero user accounts. It significantly reduces the risk of your Xero account becoming compromised if your password is stolen through phishing or malware.

Enable Two Step Authentication

  1. Download an authenticator app on your mobile device
  2. In Xero –> Account –> Two Step Authentication –> Setup
  3. Scan the QR code using the authenticator app downloaded in step 1

The next time you log in to Xero, you’ll need to enter your authentication code in addition to your email address and password.

If you find that you are in a similar situation, contact your IT department immediately to ensure no further data is compromised.
