A recent report indicates that WordPress site administrators are being targeted by a global phishing scam. It is being orchestrated by an unknown criminal collective, and its main goal seems to be the acquisition of sensitive information by manipulating the targets into revealing it voluntarily.
Global Phishing Attacks Against WordPress Site Owners Identified: Be Careful!
Security analysts who are tracking global phishing scam campaigns have noticed a large surge in WordPress intrusion attempts. It appears that one or several hacker collectives are targeting website administrators. The main method is the creation of scam email messages that copy the design elements, layout and contents of legitimate messages so that they appear to have been sent by the system. The fake emails imitate real system messages that inform the users that they need to update their system.
Upon clicking on the embedded link, the WordPress users will be redirected to a fake login page, which will request the following information:
- Site Name
- Administrator User Information
The account credentials will be automatically hijacked and stored in a database. There are two malicious practices associated with this type of behaviour:
- WordPress Site Hijack — Whenever the login credentials of a site are stolen, the hacker operators will be notified. Using the hijacked username and password combination, they will be able to log in to the victim sites and take complete control.
- WordPress Credentials Theft — All collected information will be stored in a large database that can then be offered for sale on the underground hacker markets. Prospective buyers can use the information for marketing or blackmail purposes.
There are several checks that can help protect the receiving users from becoming victims — watch out for any spelling or grammar mistakes, (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/wordpress-site-owners-targeted-global-phishing-scam/