We have been informed that several emails were sent this week as part of a phishing campaign that claims to come from the Wordfence team and uses the Wordfence logo to target Wordfence and WordPress users. The emails claim to be notifications of unauthorised logins to the user’s website and appear to include a link to that website’s login page, in an apparent attempt to steal the user’s login credentials.
We advise all users to be vigilant against these phishing attempts and to never click on links in emails from senders they do not recognise. If you are unsure whether an email is legitimate, you can contact Wordfence directly for verification.
How to identify a legitimate email?
If you have received a suspicious email from Wordfence, a couple of telltale details will help you confirm whether it is legitimate:
- Wordfence notification emails are sent from an email address matching your website (typically Wordfence@[your-website-domain], although this can be changed in the settings of your website).
- Messages sent from the Wordfence mailing list will be sent from firstname.lastname@example.org and will show an unsubscribe link at the end of the email.
- The CEO and founder, Mark Maunder, will not sign login notifications from Wordfence.
This phishing scam appears to be running through several custom domains posing as either Wordfence or the Wordfence team. Please take extra caution if you receive a Wordfence email that doesn’t appear to be genuine. If you click on the link in one of these emails, it will typically forward you to a WordPress login page, but it will not be on your website. The Wordfence team have identified and notified several vulnerable websites that appear to have been hacked to be used as a part of this phishing scam.
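The checks described above can be scripted against a saved copy of a suspicious message. The following is an added example, not code from Wordfence or from the original post; SITE_DOMAIN, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SITE_DOMAIN = "example.com"  # assumption: the domain of your own WordPress site

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: Wordfence <alerts@wordfence-notify.example.net>
To: admin@example.com
Subject: Unauthorised login to your website
Content-Type: text/plain

Someone logged in to your site. Review it here:
https://compromised-host.example.org/blog/wp-login.php

Mark Maunder, CEO and founder
"""

def host_matches(host, domain):
    """True if host is the site domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_notification(raw, site_domain=SITE_DOMAIN):
    """Return a list of reasons a 'Wordfence login notification' looks wrong."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: notifications normally come from an address on your own domain
    # (this can be changed in the site settings, so treat it as a heuristic).
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not host_matches(sender_host, site_domain):
        findings.append(f"sender domain {sender_host!r} is not {site_domain!r}")
    # Collect the text of every text/* part (handles multipart messages too).
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    # Check 2: a genuine login link lives on your site, not on another host.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname
        if not host_matches(host, site_domain):
            findings.append(f"link points off-site: {host}")
    # Check 3: login notifications are not signed by the CEO.
    if "mark maunder" in body.lower():
        findings.append("login notification signed by the CEO")
    return findings
```

The From header is set by the sender and can be forged, so a matching sender address does not prove a message is genuine; the off-site link check is the stronger signal, and any hit should be reviewed by hand.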
What to do next?
If you receive one of these phishing emails, it is strongly suggested that you change your WordPress password and consider setting up Wordfence Login Security (also known as Two Factor Authentication) as an additional precaution.
In addition to the security precautions mentioned above, it is also essential to consider other security measures on your website. With one of Link Digital’s Website Support Plans, we back up your website and database twice daily to ensure that even in a worst-case scenario, we can restore your website quickly and easily. We also ensure that your website has all of the latest theme and plugin updates installed, which significantly boosts the security of WordPress websites.
Our hosting plans offer malware scanning on all websites to ensure that you have a clean WordPress install. This means that our team of experts will regularly scan your website for any malicious code that could harm your website or visitors. If any malware is detected, our team will quickly remove it and keep your website safe. We also offer several other security features to protect your website, such as firewalls and intrusion detection systems. With our hosting plans, you can be confident that your website is safe and secure.
For more details from Wordfence – https://www.wordfence.com/blog/2023/07/psa-wordfence-brand-being-actively-used-in-phishing-campaigns/