Update 2/5/24: This email is still going around! We just had a client get it from "mailsync-wordpress.org". Again, don't download the plugin!

In the digital world, staying vigilant against cyber threats is crucial, especially for those managing WordPress websites. Our attention was drawn to a new email scam on Jan 5th, 2024 when a client forwarded us an email, asking for assistance in installing a supposed security plugin. Upon investigation, we discovered it was a fraudulent attempt to compromise WordPress sites. Here's what you need to know to protect yourself.

The Deceptive Email

(Screenshot: the scam email with the fake information)

The email warns WordPress site owners about a supposed vulnerability, referred to as the "CVE-2024-46188 Patch", and urges them to download and install a plugin immediately to close the hole. It is a scam. The message was sent from the lookalike domain help-wordpress.org, which has nothing to do with the official WordPress project; the domain merely contains the word "wordpress" to look plausible.

The Danger Behind the Scam

The aim of the scam is unauthorized access to your site. A WordPress plugin is PHP code that runs with the same privileges as the site itself, so a site owner who installs the attacker's "patch" hands over control: the attacker can read the database and configuration, steal data, add users, alter content, or use the server for further attacks. Do not install the plugin, and do not click the link in the email either; even visiting the download page is a risk.

Recognizing the Red Flags

  1. Suspicious Email Address: The email comes from help-wordpress.org, which is not an official WordPress domain. The lookalike is the main tell: help-wordpress.org is a separate domain that happens to contain the word "wordpress", not a subdomain of wordpress.org. Genuine mail from the WordPress project comes from an address whose domain is exactly wordpress.org or wordpress.com, or ends in ".wordpress.org" or ".wordpress.com". Look at the actual address, not the display name, and remember that a From header can be forged, so only your mail provider's SPF/DKIM/DMARC result proves the message came from where it claims. Update: people have since commented and told us their copies came from different addresses. Here they are: mailserver-wordpress.org, news-wordpress.org, mailer-wordpress.org, mailsync-wordpress.org

  2. Unverified Vulnerability Claim: The "CVE-2024-46188 Patch" does not correspond to any WordPress advisory or to a vulnerability reported by credible security sources. Any CVE identifier can be checked directly at cve.org or the NVD (nvd.nist.gov); an ID that does not exist, or that describes an unrelated product, is a clear sign the email is fake.

  3. Urgent Call to Action: Scammers use urgent language to pressure recipients into acting before thinking. Genuine WordPress security fixes are never delivered this way: core, theme, and plugin updates appear on the Updates screen of your own dashboard (Dashboard > Updates), and WordPress never asks you to download a plugin zip from a link in an email.
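The first two red flags can be checked mechanically. The script below is an added example, not code from the original post: it parses a raw email, takes the domain from the From and Return-Path headers and from every link in the body, and compares each against an allowlist of official domains using suffix matching, so a lookalike such as help-wordpress.org fails even though it contains "wordpress". It also lists the CVE identifiers the message cites so they can be looked up by hand. The allowlist, the dmarc=pass check against the receiving server's Authentication-Results header, and the sample message (its download URL is made up) are assumptions made for the example.

```python
"""Triage a suspected "WordPress security plugin" scam email (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist: domains the WordPress projects actually use.
OFFICIAL_DOMAINS = ("wordpress.org", "wordpress.com")

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_official_domain(host: str) -> bool:
    """True only for an official domain or a subdomain of one.

    'mail.wordpress.org' -> True, 'help-wordpress.org' -> False,
    'wordpress.org.attacker.example' -> False. A substring test such as
    ('wordpress' in host) would wrongly accept all three.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def domain_of_address(header_value: str) -> str:
    """'WordPress <security@help-wordpress.org>' -> 'help-wordpress.org'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def _body_text(msg) -> str:
    """Concatenate the text parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage_email(raw: str) -> dict:
    """Return extracted domains, links and CVE ids plus the red flags found."""
    msg = message_from_string(raw)
    from_domain = domain_of_address(msg.get("From"))
    return_path_domain = domain_of_address(msg.get("Return-Path"))
    body = _body_text(msg)

    links = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        links.append({"url": url, "host": host, "official": is_official_domain(host)})

    text_to_scan = (msg.get("Subject") or "") + "\n" + body
    cves = list(dict.fromkeys(c.upper() for c in CVE_RE.findall(text_to_scan)))

    reasons = []
    if not is_official_domain(from_domain):
        reasons.append(f"From domain {from_domain!r} is not an official WordPress domain")
    else:
        # A From header is trivially forged; only the receiving MTA's
        # Authentication-Results header says whether DMARC actually passed.
        auth = (msg.get("Authentication-Results") or "").lower()
        if "dmarc=pass" not in auth:
            reasons.append("From domain looks official but no dmarc=pass in Authentication-Results")
    if return_path_domain and return_path_domain != from_domain:
        # Legitimate bulk senders use bounce domains too; treat this as corroborating only.
        reasons.append(f"Return-Path domain {return_path_domain!r} differs from From domain")
    for link in links:
        if not link["official"]:
            reasons.append(f"link to non-official host {link['host']!r}: {link['url']}")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "links": links,
        "cves": cves,
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


# Constructed sample modelled on the scam email; the download URL is invented.
SAMPLE_SCAM = """\
Return-Path: <bounce@mailsync-wordpress.org>
From: WordPress Security Team <security@help-wordpress.org>
To: owner@example.com
Subject: Urgent: CVE-2024-46188 Patch required for your site
Content-Type: text/plain; charset="utf-8"

A critical vulnerability (CVE-2024-46188) affects your WordPress site.
Download and install the patch plugin immediately:
https://help-wordpress.org/download/cve-2024-46188-patch.zip
"""

if __name__ == "__main__":
    result = triage_email(SAMPLE_SCAM)
    print("suspicious:", result["suspicious"], "CVEs cited:", result["cves"])
    for reason in result["reasons"]:
        print(" -", reason)
```

Run against the sample, the script flags the non-official From domain, the mismatched Return-Path and the non-official download link, and reports CVE-2024-46188 for manual lookup. A message whose From domain really is wordpress.org still needs a dmarc=pass verdict from your own mail server before the sender is trusted; the script only reads that verdict, it cannot produce it.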

Staying Safe

To protect yourself and your website from such scams:

  • Verify Sources: Check any security alert against the official WordPress site (wordpress.org) and the Updates screen in your own dashboard before acting on it; a real vulnerability in core or a repository plugin shows up there as an update, not as an emailed attachment.

  • Regular Updates: Keep WordPress core, themes, and plugins updated using the official update mechanism in your dashboard. A site that is already current has no need for an emailed "patch".

  • Use Trusted Plugins: Only install plugins from the official WordPress plugin repository (wordpress.org/plugins) or from developers you trust. If you manage sites with WP-CLI, the command wp plugin verify-checksums --all compares installed repository plugins against wordpress.org's checksums and reports files that were changed or added, which is a quick way to spot a tampered or unknown plugin.

  • Be Cautious with Emails: Treat unsolicited emails with skepticism, especially those that demand immediate action. If in doubt, type the site address into your browser yourself rather than clicking the link in the message.