We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending spoofed phishing email messages appearing to come from Xero. Xero is a New Zealand-based software company that develops cloud-based accounting software for small and medium-sized businesses. The scammers sent phishing email messages globally, impersonating Xero. These messages contained malicious links that trick the victim into downloading a zip archive, containing a malicious JavaScript file. On execution, this JavaScript downloads and launches banking malware on to the victim’s computer that steals their personal and private information and leaves them vulnerable to the mercy of their attackers.