Latest phishing alert for bexio customers

Status as of 11 May 2026: Fake emails and fake bexio invoices are not sent by bexio – exercise caution when handling personal data.


Fake emails are currently in circulation

Criminals are currently sending fake invoice emails in our name and in the name of our customers. This is a phishing attack aimed at stealing your bexio login credentials. To do this, the fraudsters use external servers and falsify the sender's name.

bexio has not been compromised. There has been no breach of our systems, and no customer data has been leaked. Your documents and information in bexio remain protected by our high security standards.

We have compiled the most important questions and the relevant answers for you, including instructions on what to do and an authenticity check. Please invest a few minutes for your own security. Your vigilance is your best protection.

If you have any further questions, our bexio Support team is here for you at any time.

Immediate Help & What to Do

What should I do if I receive a suspicious email?
  1. Don't enter anything: Don't click on any links, and under no circumstances should you enter your login credentials on an unfamiliar website.
  2. Inform us: Contact our bexio support team. By doing this, you will help our bexio team to block fraudulent websites more quickly.
  3. Delete: Then delete the email from your inbox immediately.

I have entered my details on a suspicious website. What now?

If you have entered your password on a fake website, you need to act immediately:

  1. Log in to your bexio account directly via our official website (https://idp.bexio.com) and change your password.
  2. Banking check: Before finalising any payment, check all payment orders in your e-banking system extremely carefully to ensure they are correct.
  3. Check IBAN numbers in bexio: As a preventive measure, check the IBAN numbers of your suppliers stored in your bexio account, as well as your own draft invoices, for any signs of tampering.

Report a crime in the event of financial loss: If you have suffered a financial loss, the Federal Office for Cybersecurity (BACS) recommends reporting a crime to your local police force. You can find your nearest police station via Suisse ePolice.

How can I help?

You can play an active role in making life as difficult as possible for the scammers. To do this, proceed as follows:

  1. Check critically: Check the sender's address and the links as thoroughly as possible.
  2. Save without clicking: Take a screenshot or copy the plain text of the email – under no circumstances should you click on any link!
  3. Export an EML file: Save the message as an EML file. Find out how to do this here.

Then submit this information to our bexio support team via the contact form. Our analysts and technicians can use this data to identify valuable patterns in order to block fraudulent servers more quickly and make future attacks more difficult.

Detecting Fraud

How can I tell whether a bexio invoice (from bexio AG) is fake?
  1. The safest method: Check directly in your bexio account. Unsure? Do not click on any links in the email! Instead, log in directly to your bexio package management system here: https://office.bexio.com/index.php/billing/show/overview?tab=invoices

    There, you will immediately see whether a genuine invoice has been issued to you. If no new invoice appears there, the email was a fraud attempt. If this is the case, delete the email immediately.
  2. Check the real sender address: Don't be fooled by the sender name displayed (e.g., 'bexio AG' or similar). Hover your mouse over the sender's name or click on it to reveal the actual email address behind it. A genuine invoice from us will always come from the address [email protected]. If anything else appears there, it is an attempt at fraud.
  3. Check for hidden links: The email often contains a button (e.g., 'Go to your account') or links. Don't click on them; instead, simply hover your mouse over them. This will show you the hidden destination address (URL).

Important: The address must end in .bexio.com, i.e., 'dot bexio dot com' (e.g., idp.bexio.com or network.bexio.com). If the link leads to an address without this dot (e.g., bexio.something.com) or to a completely different address, it is a phishing attempt.

What should I do if I suspect a scam? If one or more of these signs indicate a fake: Don't click on any links, don't enter your details anywhere, and delete the email immediately.

How can I tell if an email is GENUINELY from bexio?

Don't rely on the sender's display name. Instead, check these three features:

  1. The sender's address: If you hover your mouse over the sender's name, the address must be [email protected]. Any other ending is definitely an attempt at fraud. However, this alone is not always sufficient, as resourceful fraudsters can sometimes falsify this sender address in a deceptively authentic way. Therefore, it is important that you always also pay attention to points 2 and 3 below.
  2. The link to the invoice: If you hover your mouse over the 'View invoice' button (without clicking), the link must lead to https://network.bexio.com.
  3. The login page: Our official and secure login page can only be found at https://idp.bexio.com. Always check the address bar of your browser (at the very top of the window): any other address shown there will lead to a fake website.
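The link checks described in "Check for hidden links" above and in points 2 and 3 of this list can be applied mechanically before anyone hovers a mouse over a button. The following script is an added example, not bexio's own code or tooling: it pulls every URL out of an email's plain text and applies the rules stated on this page (https only, host must be bexio.com or end in ".bexio.com" at a label boundary, the invoice button must lead to network.bexio.com, the login page to idp.bexio.com). The sample email body and the hosts "bexio.something.com" and "evil.example" are constructed for the demonstration and are not observed indicators.

```python
"""Classify the links in a suspicious email against bexio's stated rules.

Added example, not bexio's own code. The sample email below is constructed;
the non-bexio hostnames in it are made up for the demonstration.
"""
import re
from urllib.parse import urlsplit

GENUINE_SUFFIX = ".bexio.com"      # a genuine link must end in ".bexio.com"
INVOICE_HOST = "network.bexio.com"  # where the 'View invoice' button must lead
LOGIN_HOST = "idp.bexio.com"        # the only official login page

# Absolute http(s) URLs in plain text; quotes and angle brackets end a URL.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def host_is_bexio(hostname: str) -> bool:
    """True only for bexio.com itself or a subdomain of it.

    Testing the suffix at a label boundary (".bexio.com") rather than
    'contains bexio.com' is what rejects look-alikes such as
    bexio.something.com, notbexio.com or bexio.com.evil.example.
    """
    h = hostname.lower().rstrip(".")
    return h == "bexio.com" or h.endswith(GENUINE_SUFFIX)


def classify_link(url: str) -> str:
    """Return 'genuine' or a short reason the link fails the page's checks."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not https"
    # .hostname strips any user@ prefix, port and IPv6 brackets, so a link
    # written as https://idp.bexio.com@evil.example/ resolves to evil.example.
    host = parts.hostname
    if not host:
        return "no hostname"
    if not host_is_bexio(host):
        return f"host {host!r} is not under bexio.com"
    return "genuine"


def invoice_button_ok(url: str) -> bool:
    """Point 2: the 'View invoice' link must lead to https://network.bexio.com."""
    parts = urlsplit(url.strip())
    return parts.scheme == "https" and (parts.hostname or "").lower() == INVOICE_HOST


def login_page_ok(url: str) -> bool:
    """Point 3: the address bar must show https://idp.bexio.com."""
    parts = urlsplit(url.strip())
    return parts.scheme == "https" and (parts.hostname or "").lower() == LOGIN_HOST


def check_email_links(body: str) -> dict:
    """Map every URL found in the email text to its classification."""
    results = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,);")  # trailing punctuation belongs to the sentence
        results[url] = classify_link(url)
    return results


# Constructed sample: two genuine links, three that fail the checks.
SAMPLE_EMAIL = """\
Dear customer, your bexio invoice is ready.
View invoice: https://network.bexio.com/invoice/12345
Go to your account: https://idp.bexio.com/login
Urgent: confirm now at https://bexio.something.com/login
Or here: http://idp.bexio.com/login
Or here: https://idp.bexio.com@evil.example/login
"""

if __name__ == "__main__":
    for link, verdict in check_email_links(SAMPLE_EMAIL).items():
        print(f"{verdict:45s} {link}")
```

Running the script prints a verdict per link; the last three lines of the sample fail for different reasons (wrong domain, plain http, and a user@host trick that hides the real destination after an "@"), which is exactly why the page says to look at the real destination rather than the displayed text.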

Background & Data Security

What exactly has happened?

Unknown persons are currently sending fake emails. This is a phishing attack: if you click on the link in the email, you will be directed to a replicated, fake website. There, you will be asked to enter your login credentials so that the attackers can steal your username and password.

Has bexio been compromised?

No. Our systems have not been compromised. There has been no breach of our infrastructure. The fraudsters are merely using our brand name and falsifying sender details ('spoofing') to lure you to an external, fake website.

Is my data safe?

Yes, your data is safe. As there was no access to our databases, all information stored in bexio remains protected. The scammers do not have access to bexio data, unless they manage to obtain your personal login details through these phishing emails.

What is bexio doing to address these incidents?

To protect you, we have implemented a crucial immediate measure: two-factor authentication (2FA) is becoming the mandatory standard at bexio. This means that, in future, when you log in, you will be asked for a code that we will send to your registered email address. This additional step significantly enhances access security and prevents unauthorised access – even if your password has fallen into the wrong hands. You can find more information on this in the relevant Help Centre article.

At the same time, our security specialists are continuously analysing the situation and working closely with specialist partners to have the fraudulent websites and servers blocked as quickly as possible. We have the situation under control and are doing everything we can to stop the attacks at their source as well.