WordPress Renewal Phishing

Posted byKendall DunkelbergPosted inTechnologyTags:, , , , , ,

Today I got a couple of emails reminding me that my WordPress renewal is tomorrow. I thought that was odd, since I’m on auto-renew and don’t have to manually pay my bill. That’s when I noticed the email was from a user at “hosting.com” and the link address was to some long url that wasn’t associated with WordPress at all.

I’m pretty cautious about clicking any links in email, and I was already suspicious from the outset, but it did look like a WordPress reminder. And my renewal is coming up, though not tomorrow, by the way. I went into the app and checked, also checking to make sure my payment info was still correct. Everything is good, and I can delete that email. But first I thought I ought to post about it as a reminder and a warning to other WordPress users.

Of course, one lesson is to never click a link in an email unless you trust the person who sent it to you. Even then, double-check, since it could be someone masquerading as that person or company. I’ve seen this kind of phishing from PayPal and Amazon and countless other places, but this is the first one I’ve noticed that was spoofing WordPress.

So far, I haven’t fallen prey to any phishing attempts, but I’ve known plenty of people who have, even people who are smart enough to be careful. It happened to my mother once, but fortunately she talked to me and we were able to extricate her before any irreparable damage was done. It happened to a colleague whose husband happened to check in on her before she got too deep into a call. I say this because we can all become too stressed out, confused, or just rushed and then do something we regret. The last thing I want to do is to think that it couldn’t happen to me.

But the only way to keep it from happening is to stop and think before clicking, which is not always easy to remember. Look for anything suspicious. Hover your mouse over that link to see if it goes where you think it goes, or better yet, close that email, go to the app or the website and verify for yourself whether there’s anything you need to do. If there is, there will be a notice on your account. An email or text will not be the only way a company will notify you.

Though this attempt at phishing didn’t fool me, I can see how it could. Be careful out there! And stay safe.

Published by Kendall Dunkelberg

I am a poet, translator, and professor of literature and creative writing at Mississippi University for Women, where I direct the Low-Residency MFA in Creative Writing, the undergraduate concentration in creative writing, and the Eudora Welty Writers' Symposium. I am Chair of the Department of Languages, Literature, and Philosophy, and I have published four collections of poetry, Tree Fall with Birdsong, Barrier Island Suite, Time Capsules, and Landscapes and Architectures, as well as a collection of translations of the Belgian poet Paul Snoek, Hercules, Richelieu, and Nostradamus, and the textbook A Writer's Craft: Multi-Genre Creative Writing. I was born and raised in Osage, Iowa, and have lived for over thirty years in Columbus, Mississippi, where my wife Kim and I let wildflowers grow in our yard to the delight of spring polinators and only some of our neighbors.

One thought on “WordPress Renewal Phishing

  1. Tonight I got another email saying that my domain renewal hadn’t gone through. But the thing is, my domain renewed months ago, and the email address and address in the link to update my payment info both didn’t have WordPress.com in them. Once again, I checked the WordPress app to verify that there wasn’t an issue with payment. Just don’t click on those links in email unless you know for sure who is sending it to you and why. Alwys verify before handing out payment info!

    Reply

Leave a comment