603-924-9867
websites@charlesworks.com

Veteran owned and
operated since 1998

WooCommerce plugin version check (Your domain) SCAM

by | Oct 23, 2024 | Phishing, Scams and Spoofs, WooCommerce, WordPress

Introduction to the WooCommerce Plugin Version Check Scam

Beware! A new phishing scam – the WooCommerce Plugin Version Check scam – is actively targeting WordPress users with WooCommerce plugins. The scammers are sending phishing emails that impersonate legitimate WordPress communications. Scammers aim to trick unsuspecting domain owners into visiting fake websites at update-plugins.org and wrdp-update.org, designed to mimic the official WordPress.org site. Both domains registered yesterday on October 22, 2024, making this scam brand new and likely to catch many people off-guard.

How the WooCommerce Plugin Version Check Scam Operates

The phishing email claims there are vulnerabilities in WooCommerce that require immediate attention. It prompts the recipient to click a link and log in to verify or update their plugin. Clicking the link redirects the user to the scam site. The site mimics WordPress’s branding to appear legitimate. If the user enters their credentials, the scammers gain unauthorized access to the victim’s WordPress installation, leaving the door wide open for further malicious activity such as stealing personal data, injecting malware, or even defacing websites.

Screenshots of the Phishing Attempt

The scammer sent the phishing email to CharlesWorks as part of their attempt. Below is a screenshot of the actual email.

WooCommerce phishing email

Notice that the email displays no images. My web version of Outlook blocks automatic image downloads from unknown senders. This important security feature prevents the sender from confirming whether I received and opened the email. I strongly encourage everyone to configure their email client similarly to block images by default.

The following screenshot captures the fake WooCommerce plugin check page on the phishing domain:

update-plugins.org phishing page

How Phishing Scams Work

Phishing scams rely on social engineering tactics to exploit human psychology. Attackers design emails to look authentic, often imitating trusted entities like WordPress or your web host. They prey on urgency—claiming your website is vulnerable, your account will be suspended, or that your plugins need immediate attention. This particular scam is especially dangerous because it leverages WooCommerce, a plugin many businesses rely on to operate online stores, thus increasing the likelihood of someone acting without thinking.

How to Protect Yourself

Here are some best practices to follow to avoid becoming a victim of phishing:

  1. Verify the Sender’s Email Address – Be cautious of emails with unusual sender addresses or unexpected messages.
  2. Hover Over Links Before Clicking – Check if the URL matches the legitimate site. In this case, update-plugins.org is a clear red flag.
  3. Enable Image Blocking in Your Email Client – As shown in the screenshots, this prevents attackers from knowing if their message was opened.
  4. Contact the Source Directly – If you receive suspicious emails, contact WordPress or the plugin provider directly to confirm.
  5. Use Multi-Factor Authentication (MFA) – Enable MFA for your WordPress account to prevent unauthorized access, even if your password is compromised.
  6. Be Skeptical of Urgent Requests – Scammers often use urgent language to push you into making rash decisions.

Important Note about CharlesWorks and WordPress Communication

CharlesWorks NEVER sends emails asking users to click on links to check or update plugins. From my experience, WordPress also does not email users in this way. Treat any such communication as suspicious and investigate it thoroughly before taking any action.

More Resources on Phishing Scams

To learn more about phishing scams, how they operate, and how to protect yourself, visit the Federal Trade Commission’s (FTC) phishing resource page.

Some articles regarding phishing and other scams we’ve put out are here:
Beware of BOI Filing Scams Targeting Small Businesses
Caution: The “Pig Butchering” Phishing Expedition
Avoiding New Phishing Pitfalls: A Personal Encounter

Some solutions that can help:
CleanTalk: The Best Security and AntiSpam Plugin Used by CharlesWorks

UPDATE 10/24/2024

We are pleased to report that the two domains mentioned have been taken down after being reported through their registrar’s abuse channels. Hopefully this minimizes the damage done by the criminals perpetrating these cybercrimes.

Response to phishing complaint

We at CharlesWorks care about out clients. Stay safe out there, and remember: Always use caution before you click!

CLICK HERE to find your domain name!   CLICK HERE to transfer your domain name!

Archives

Tags

24 hour (1) Accessibility (2) Accounting (1) Advertising (16) AdWare (1) Alex Johnson (2) Alignment (1) Android (2) Anti-Virus (1) Antivirus (1) Antrim Computer Repair and Service (3) APC Back-UPS (1) Appearance (2) Apple Mail (4) Apple Mobile Mail (2) Attachments (1) Audit (1) Authorized (1) Autoresponder (5) Availability (1) Backups (1) Badges (3) Bank Account (1) Bank Statement (1) Battery Backup (2) Better Business Bureau (3) Bob Hill (1) Bookkeeper (1) Branding (8) Budget (2) Business (29) Business Management (1) Catalog (1) Categories (1) Charles Oropallo (1) CharlesWorks (42) Cherryl Jensen (1) Chrome (1) CleanTalk (1) Cloud (1) Code (2) Communicating (1) Competition (1) Computer (2) Computer Cache (1) Computer Hardware (1) Computer Security (2) Constant Contact (1) Consultation (1) Contact Information (2) Content (1) Content Management (39) Content Management System (1) Copiers (1) Copy Machine (1) Coronavirus (2) Courteous (1) COVID-19 (3) Credibility (9) Credit Card (1) Credit Card Processing (1) CSS (9) Customer Service (2) Database (1) Debian (1) Design (49) Design Expertise (1) Desktop (1) Dialup (1) DirectAdmin (4) Directions (1) DIVI (7) DNS (2) Do-it-Yourself (1) Documentation (1) Domains (18) Domain Transfers (5) E-Commerce (1) ecommerce (1) Elementor (1) Email (65) Email Lists (4) Email Management (4) Email marketing (4) Etiquette (3) Eudora 6 (1) Exchange (1) Expanding (1) Facebook (2) Financial (1) Finish (1) Firefox (1) Fonts (1) Forms (2) Forms Protection (1) Fraud (2) Galaxy S4 (1) General Info (1) Gmail (1) GoDaddy (1) Google (1) Google Adwords Certified Partner (1) Google Chrome (2) Groups (1) Happy Holidays (1) Hardware Help (1) Hill Specialty Networks (1) Hosting (1) Images (1) IMAP (1) include (1) Infected (1) Information (36) insert pages (1) Internet Browsing Errors (1) Internet Consultant (1) Internet Explorer (1) Joomla! (1) Keywords (2) Laptop (1) Legibility (1) Linux (12) Logging on (1) Macintosh (1) Mail 6.0 (1) Mail 2011 (2) Make-Over (1) Malicious (1) Malware (1) Marketing (8) Matt Burke (3) MDaemon (3) MelbourneIT (2) menu (1) Merchant (1) meta (1) Microsoft (1) Microsoft Edge (1) Microsoft Hosted Exchange (5) Microsoft Live (2) Mobile Email Setup (1) Monadnock Region (1) Mozilla Firefox (2) MySQL (1) Nathan Wesley (1) Netscape (1) Netscape Messenger (1) Office Copiers (1) OfficeLive (1) Online (1) Outlook (9) Outlook 2010 (2) Outlook Express (1) PayPal (1) Pay Per Click (2) PC (1) Personal (1) Peter Harris (1) Peter Harris Creative (1) Phishing (2) PHP (3) pixel (1) plugins (1) Pop Email (1) Popularity (1) Portfolio (1) Power Grid Failure (1) PPC (1) Prevent Fraud (1) Privacy (1) Private (1) Product (6) products (1) Professional (6) Projects (2) Protect (1) Protection (1) QR codes (1) Quality (2) QuickBooks (1) Reconciliation (1) Reduce Risk (1) Register (1) Reliability (2) Renew (1) Reseller (2) Resolution (1) Restrict User Access (1) Results (1) Review (2) Risk (1) Robin Snow (1) Roundcube (1) Safe (1) Samsung (2) Scam (18) Scammer (18) Search (1) Search and Replace (1) Search Engine Optimization (SEO) (21) Security (28) Security Risk (1) Selling (1) Servers (2) Service (11) Shopping Cart (1) Site (1) SmarterMail (9) Social Engineering (1) Social Networking (1) Software (1) solar flares (1) Solutions for Today (1) Spam (1) Spam Filtering (16) Spammer (1) Spyware (2) SquirrelMail (1) SSL (8) Statistics (2) Stats (2) Stone Pond Technology (1) Storage (1) Support (1) Tablet (1) Target Market (1) Technical Help (1) Testimonials (9) The CW Corner (1) Thom Little (1) Thom Little Associates (1) Thunderbird (3) Thunderbird 10 (2) TLD (1) Topic (1) Top Level Domains (3) Transaction (2) Transfer Data (1) Transfer Funds (1) Typography (1) Update (2) Uploading (1) UPS System (2) Up to Date (1) Virtualmin (1) Virus (2) Viruses (1) Vista (1) Web (1) Web-Over (1) Web Development (102) Web Hoster (1) Web Hosting (2) Web Hosting Company (1) Webmail (8) Web Mail (1) Webmaster (10) Webmin (1) Web Presence (28) Website (114) Website Development (1) websites (2) Web Stats (1) Web terms (1) Web Writing (1) Windows 7 (2) Windows Mail (6) Windows XP (1) WooCommerce (6) WordPress (90) WordPress Updates (1) Working Remote (2) Writing (1) YouTube (1)
Protected by CleanTalk Anti-Spam