The Australian Federal Police is investigating phishing attacks against accountants that some say have seen thousands lifted from bank accounts.
The scam targets users of the popular Xero software-as-a-service accountancy package, with what is said to be a would-be login portal that steals credentials.
Money is being shipped off to a bank account in Western Australia, sources familiar with the attacks say.
The Federal Police cybercrime operations wing says in a boilerplate response it is investigating the compromise and will liaise with Xero and victims.
Alex Mercer, a spokeswoman for the New Zealand company, said Friday a "very small number" of login details were stolen either through phishing or malware.
"We are working closely with the users concerned to help address each of their incidents," Mercer says.
"As you can appreciate, we do not discuss details about a user’s issue outside of informing the authorities or another organisation that needs to be involved."
Mercer says customers should take the usual good security defense measures including updating and running antivirus before resetting passwords.
Security types say they know of a handful of businesses in NSW and Victoria that were affected. In those cases attackers had used the stolen login credentials to change bank account details such that subsequent deposits were funnelled into attackers' hands.
Following Vulture South's inquiry, Xero urged customers to reset passwords but mistakenly sent that request to its global customer base instead of just assaulted Aussies.
That prompted the company to issue a password-reset retraction to douse panic. ®