Why did I receive an email with ‘Login Details’ for an account I didn’t create?
-
Hi, this is somewhat of a repost from the WordPress.org forums. I’m hoping you can help me get to the bottom of what’s happened here.
I won’t go into too many details but I’ve been playing whack-a-mole with a fraudster who keeps trying to use my information for things. Thankfully, this person keeps failing to steal a red cent from me.
Yesterday I received an email from a (email visible only to moderators and staff), telling me that I’d received “Login Details” and could set up a password through the email. I’m not sure if this email is fraudulent (hence I haven’t clicked any links), or if this was telling me a site was actually made with my email.
Someone on the WordPress.org forum told me that this appeared to be a WordPress.com setup. I’d already had a WordPress.com account under this email from years ago, left untouched for the better part of a decade. I’d wondered if it had been hijacked, but I just logged in and there it was, unchanged. Is it possible for someone to start two different WordPress.com accounts with the same email?
Now here’s the weird part: I had tried to use the Account Recovery form, filling out my email and the username supplied in the suspicious email. The form told me my email and username matched and that I should use the standard account recovery instead. But entering my email into that yielded a password recovery for my old, untouched account. Entering the username didn’t give me a password recovery email at all.
If someone can help me understand what has happened here, I would appreciate it!
-
Hi there,
I can confirm that micaforce.wpcomstaging.com is a WordPress.com site. If you visit that site do you recognize it at all? Is it possible this is a site you set up on another account or a site that you have created an account on? I see there is a “login” page on that site.
What is the full text of the email you received?
Also to clarify, the email address (email visible only to moderators and staff) is not spam… WordPress sites on our “Business Plan” have a built in email system that uses the site URL. So an address with the format
(email visible only to moderators and staff)is an automated email from the site micaforce.wpcomstaging.com.Thanks for the additional info!
-
Thanks Jerry! I do not recognize the website when I go to it; it seems to have been set up by a company I’ve never heard of before.
Here is the full text of the email, slightly redacted:
“Username: [username that I don’t recognize and would not use]
To set your password, visit the following address:
[password reset links to the domain we have discussed]
If you have already set your own password, you may disregard this email and use the password you have already set.”
Thanks for the feedback, and please let me know if you have any further questions or tips.
-
Hi there,
If you’re not associated with that website, please disregard that email. It looks like that someone might’ve used your email address to access that site.
If you continue to receive emails from that site, please contact us again and we’ll further investigate.
- The topic ‘Why did I receive an email with ‘Login Details’ for an account I didn’t create?’ is closed to new replies.
WordPress.com Forums 