Deceptive Email Warning:
- Caution: A fraudulent email is circulating, falsely alerting users to a WordPress vulnerability (CVE-2024-46188 Patch).
- The email urges admins to download and install a plugin for a fake security issue.
- It originates from help-wordpress.org, which is not an official WordPress domain.
Scam’s Objective:
- Aims to gain unauthorized access to WordPress sites.
- Installing the fake plugin may lead to data theft and other malicious activities.
Recognising Red Flags:
- Suspicious Email Address: Help-wordpress.org is not an official WordPress domain.
- Unverified Vulnerability Claim: “CVE-2024-46188 Patch” not recognized by official sources.
- Urgent Call to Action: Scammers use urgent language.
Staying Safe:
- Redback Creations do regular updates for their WordPress clients.
- Verify Sources: Confirm security alerts on the official WordPress website or contact support.
- Use Trusted Plugins: Install only from the official repository or trusted developers.
- Be Cautious with Emails: Be skeptical of unsolicited emails, especially those urging immediate action.
If you receive emails like this and are a Redback Creations client, please reach out to us before proceeding with any updates. If you are not associated with Redback Creations, consult your website developer or hosting company to ensure that downloading plugins won’t expose your website to the risk of hacking and data theft.
This is an example of the email:
You can find out more here: https://patchstack.com/articles/fake-cve-phishing-campaign-tricks-wordpress-users-to-install-malware/
