Phishers Target WordPress Plugin Authors



WordPress

With the popularity of WordPress (72 million+ WordPress-powered sites) its not a surprise to see the increasing number or instances of attacks on blogs and websites running the software. The attacks are not only focused on the bugs and flaws of the software but also target the individuals using WordPress through malware-laced themes and plugins. Another thing to note is that the attacks are becoming not only more intense but also more creative.

Just found out today via WP Tavern that a new phishing scam is targeting WordPress plugin authors. Details about this new phishing scam was posted yesterday by a WordPress.org support forum moderator.

  • Sender : “WordPress.org“.
  • Address : “wordpressplugin[at]hotmail[dot]com“.
  • Subject : “[WordPress.org Plugins] Urgent: Your Plugin Has Been Removed DO NOT RESPOND“.
  • Message :

    Dear WordPress Plugin Developer,

    Unfortunately, a plugin you are hosting has been temporarily removed from the WordPress repository. We are going to manually review your plugin because it has been reported for violating our Terms of Service. If your plugin does not get approved then it will be permanently removed from the WordPress repository.

    You can check if your plugin has been approved or rejected at

    http://wordpress.org/extend/plugins/my-plugins-status/

If you’re a WordPress plugin author and you receive an email similar to this, DO NOT CLICK ON THE LINK! If you accidentally clicked on the link and got to the fake WordPress.org site, DO NOT ENTER YOUR ACCOUNT DETAILS!

This is not an official WordPress email. If in case your plugin has actually been removed, the real email notification from the WordPress repository would come from a WordPress.org account.

Any WordPress plugin authors here who received this phishing scam email?

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.