This morning after a report made by a customer, we have concluded that there is a wide-spread attempt to exploit login credentials from users of WordPress sites that are using their email address as their username (which is the default for any kind of 3rd party login).
It would seem the more popular we get, the more scammers and fraudsters target us and our customers.
The best defense for these attacks is to be informed and in effort to do just this, we will take you through 5 steps to take when getting a suspicious email claiming to be from your WordPress site or your vendor’s WordPress site.
CHECK SERVER MESSAGES
Most emails attempting to steal your username and password will fake the email and many email servers will alert you of this. Google and our own email servers will generally classify these emails as spam.
LOGIN MANUALLY – ALWAYS
When you get an email from your WordPress website asking you to login; go to your website manually and do not use any links included in that email (except for password resets).
RESETTING YOUR PASSWORD
Your WordPress website will NEVER prompt you to reset your password out of nowhere unless someone is trying to break into your website. Simply ignore the email if it is unexpected. If you have forgotten your password, visit the login page of your WordPress website and click “Forgot Password” and follow the instructions there.
CHECK UNIFORMITY
Most WordPress websites have the same “from” email address and name. If you notice that this changes, it usually means someone is attempting to mimic your website. Ignore the email and instruct your customers to ignore the email.
THE SMELL TEST
If it doesn’t pass the smell test, contact us. We’ll help you figure out whether or not something is very wrong with your website, or if someone is trying to steal your (or your customer’s) login credentials.
We are constantly striving to improve the security for our customers and their customers. If you have any questions or suggestions, please do not hesitate to reach out to us.
