Password reset text message scam?
-
Today I received a text message in two parts (from two different phone numbers) sending me a code with which to reset my WordPress password. The message stated:
Votre code de réinitialisation du mot de passe WordPress.com est: nnnnnnnn. Si vous n’avez pas demandé la réinitialisation de votre mot de (1 de 2)
passe, ignorez ce message. (2 de 2)
The first part of the message came from +1 (833) 278-8299 and the 2nd part was from +1 (833) 934-0554
Needless to say I had not requested a password reset on my WordPress account so either this is a scam of some sort or someone attempting to gain access to my account?
The message does not specify the WordPress account name.
I am trying to work out if this is a scam where someone has just sent a speculative message out to a random number which happens to be mine, or is someone trying to get access to my WordPress account?
When WordPress sends a password reset code to a phone number, are they using a stored phone number from your profile or does the user specify a number as part of the request? Also, how do I ascertain whether the phone numbers above actually belong to WordPress? Also is it normal for a two part message to come from different numbers?
I have 2FA enabled on my WordPress account so I’m hoping that if I just ignore this message, my account will be safe?
The blog I need help with is: (visible only to logged in users)
-
Did a little more checking…
1. A minute or two after the text I received an email saying someone had requested a password reset on my account and it named the account.
2. In the recovery settings for my WordPress account, the recovery SMS number is ‘Not set’, so I’m puzzled how my mobile number was used.
- The topic ‘Password reset text message scam?’ is closed to new replies.
WordPress.com Forums 