A recent report indicates that WordPress site administrators are being targeted by a global phishing scam. It is orchestrated by an unknown criminal collective whose main goal appears to be the acquisition of sensitive information by coercing the targets into revealing it voluntarily.
Global Phishing Attacks Against WordPress Site Owners Identified: Be Careful!
Security analysts who are tracking the global phishing scam campaigns have noticed a large surge in WordPress intrusion attempts. It appears that one or several hacker collectives are targeting web site administrators. The main method is scam email messages that copy the design elements, layout and content of legitimate messages so that they appear to have been sent by the system. The fake emails imitate the real system notifications that tell users they need to update their installation.
Upon clicking on the embedded link the WordPress users are redirected to a fake login page, which requests the following information:
- Username
- Password
- Site Name
- Administrator User Information
The entered account credentials are automatically hijacked and stored in a database. There are two malicious practices associated with this type of behaviour:
- WordPress Site Hijack — Whenever the login credentials of a site are stolen, the hacker operators are notified. Using the hijacked username and password combination they can log into the victim sites and take complete control.
- WordPress Credentials Theft — All collected information is stored in a large database that can then be offered for sale on the underground hacker markets. Prospective buyers can use the information for marketing or blackmail purposes.
There are several checks that can help protect the receiving users from becoming victims — watch out for any spelling or grammar mistakes, check the security certificates, and check the domain name and address used in the sender and link fields. These are the elements most commonly altered in a scam email.
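The domain check above can be automated. As an added example (not from the original report), the script below parses a mail, extracts its links and flags any whose target host is not the site's own domain, or whose visible link text shows a different host than the real destination. The message, host names and path are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class _AnchorCollector(HTMLParser):
    # Collects (href, visible text) pairs from an HTML mail body.
    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url).hostname or "").lower()

def suspicious_links(raw_email, trusted_hosts):
    """Return (reason, href) findings for links whose destination is not one of
    the administrator's own hosts, or whose visible text names a different host
    than the real href (the classic fake "update your site" lure)."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _AnchorCollector()
    collector.feed(body.get_content())
    findings = []
    for href, text in collector.anchors:
        if _host(href) not in trusted_hosts:
            findings.append(("untrusted-host", href))
        if text.startswith("http") and _host(text) != _host(href):
            findings.append(("text-href-mismatch", href))
    return findings

# Constructed sample: a fake update notice imitating a WordPress system mail.
SAMPLE = """From: "WordPress" <wordpress@example-site.test>
Subject: Your site needs an update
Content-Type: text/html; charset="utf-8"

<a href="http://wp-updates.example-phish.test/login">https://example-site.test/wp-admin/update-core.php</a>
"""
```

Run `suspicious_links(SAMPLE, {"example-site.test"})` to see both findings raised for the constructed lure; a genuine notice linking to the site's own host yields an empty list.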
As these WordPress phishing scam attacks are the product of social engineering, we anticipate that future campaigns may use more elaborate scenarios. This is why site administrators and computer users in general should be well educated in recognizing fake emails.
We remind our readers that the takeover of WordPress sites can cause considerable damage to Internet visitors as well — the pages and posts can be replaced by malicious scripts and the site itself can serve as a platform for spreading various viruses. If the hijacked sites store the credentials of their own users, identity theft and financial fraud can be expected.