WordPress email phishing scam?
-
I got a suspicious email apparently from WordPress, requiring me to verify my email. When I clicked the email link it directed me to a suspicious website. I have changed my email and WP details as a precaution. Is this a scam?
It came from this email address: (email visible only to moderators and staff)
Below is the email:
—-
We noticed that you need to verify your email address. All you need to do is click the button below (it only takes a few seconds). You won’t be asked to log in to your WordPress.com account – we’re simply verifying ownership of this email address.Verify your email address
If you don’t verify your email address, we’re required to temporarily put your website on hold until verification is complete.*
Thanks for being a WordPress.com customer.
Sincerely,
WordPress.com
—–The blog I need help with is: (visible only to logged in users)
-
Hi there,
Did you recently buy a domain name from us? I don’t see one in your account, so I can only assume you bought one using a different account.
All domain names on the web are regulated by an organisation called ICANN. ICANN requires all domains to have valid contact information attached to them, and require registrars to verify the contact email when someone buys a domain, or suspend the domain if the information cannot be verified.
That email is sent by our registrar from the email address you provided. You can see an exact copy of that email in our support documentation here:
https://en.support.wordpress.com/register-domain/#email-validation-and-verification
If you’ve recently bought a domain, please verify your contact information via the button in that email, or your domain will be suspended.
-
I got a message like this too. I consider it very suspicious because I did not renew the domain name when it became due several months ago. I have no wordpress account registered at the particular email address to which this message was sent. And in fact the message doesn’t say what WordPress account they are talking about. I’m very leery of it.
-
That email won’t be sent to your WordPress.com account email. It is sent to the email you provided in your domain contact details. What is the domain name that you used to own? There is no domains in the account you’re using to post here, and I have no way of checking on this for you if you don’t provide the actual domain.
If the email is from sales @ secureserver.net, it is from our registrar and is legitimate. That is all I can tell you without having any other information.
-
Sorry for the late reply. I had a domain name on another account that is linked to this one, but was registered under a different name and email. (that email got not notification)
The domain name expired in August 2016 and I decided not to renew it.
panfineart.com -
What made me suspicious of the link, was when I clicked on it (sourced from the email) it redirected me to a page that had Chinese characters in the title page.
Even if it was official it looked like a phishing scam from my end. -
The Chinese text at the verification link is a problem at our registrar’s end which we’ve reported to them, but which they haven’t fixed yet.
I completely understand why it would make you suspicious, but the email was genuine. You shouldn’t have received it after letting the domain expire, but I see the domain is no longer with our registrar at this point, so you shouldn’t receive any more emails regarding it.
-
Thank you for the clarification.
If you cannot alter the text from the verification link then perhaps put a note on the emails?
Even if I still maintained that address, I’d be suspicious and hesitant to click that link because of that.Anyway, I understand and thank you for your kind services.
-
I really wish we could do that, but the verification process is completely in control of our registrar, so we don’t even control the text of the emails. We’re working to improve this situation, but it unfortunately takes time :)
- The topic ‘WordPress email phishing scam?’ is closed to new replies.
WordPress.com Forums 