Security: WP Phishing Email

LEIFQ on December 5, 2023

Lots of buzz the past few days about a very convincing and dangerous phishing email campaign currently targeting WordPress site owners.

I figured it was an appropriate topic to start posting here again.

In thru the backdoor

In short, the goal is to alarm site owners into installing an ‘important security patch’ via a plugin. The plugin actually contains malware that installs a backdoor into the website.

WordFence first broke the story on Dec 1st (as an avid user, I got an email notification), followed by Patchstack, BleepingComputer, and finally, WordPress News.

Article Links

Rather than rehash already good coverage on the topic, I’ll just drop those links here:

WordFence – https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/

Patchstack – https://patchstack.com/articles/fake-cve-phishing-campaign-tricks-wordpress-users-to-install-malware/

BleepingComputer – https://www.bleepingcomputer.com/news/security/fake-wordpress-security-advisory-pushes-backdoor-plugin/

WordPress News – https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/

photo credit: CC0 licensed photo by Blazej Zablotny from the WordPress Photo Directory: https://wordpress.org/photos/photo/997645e3d8/

Related

Category: Updates
Tag: emails, phishing, psa, scams, security, WordPress