Security: WP Phishing Email
Lots of buzz the past few days about a very convincing and dangerous phishing email campaign currently targeting WordPress site owners.
I figured it was an appropriate topic to start posting here again.
In thru the backdoor
In short, the goal is to alarm site owners into installing an ‘important security patch’ via a plugin. The plugin actually contains malware that installs a backdoor into the website.
WordFence first broke the story on Dec 1st (as an avid user, I got an email notification), followed by Patchstack, BleepingComputer, and finally, WordPress News.
Article Links
Rather than rehash already good coverage on the topic, I’ll just drop those links here:
Patchstack – https://patchstack.com/articles/fake-cve-phishing-campaign-tricks-wordpress-users-to-install-malware/
BleepingComputer – https://www.bleepingcomputer.com/news/security/fake-wordpress-security-advisory-pushes-backdoor-plugin/
WordPress News – https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/
photo credit: CC0 licensed photo by Blazej Zablotny from the WordPress Photo Directory: https://wordpress.org/photos/photo/997645e3d8/