Our email spam filters have recently caught a fairly sophisticated phishing attempt.
Phishing is where an attacker tries to trick you into providing confidential information – see the definition of phishing on Wikipedia – in this case the login details to a WordPress site.
The email cites a bogus error message and provides a link to log in to the administration pages of the attacker's site. Clicking on this link and entering login details would probably result in a failed login; however, the details would be recorded and then used by the attacker to log in to the real site.
Detecting phishing emails
How can you tell this is a phishing email that should be ignored?
- It’s asking the recipient to go to a page and log in
- The page linked is not a valid domain name; it is an IP address
And for the more technical:
- If the error were genuine, no pages on the site would work, including the login page.
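
The two link checks from the list above, as an added Python example (not code from the original post): it pulls link targets from an email's HTML part and flags those whose host is a bare IP address or whose path looks like a WordPress login page. The sample message, the `LOGIN_HINTS` paths and all function names are constructed for illustration.

```python
import email
import ipaddress
from contextlib import suppress
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

LOGIN_HINTS = ("wp-login.php", "wp-admin")  # assumed WordPress login paths
# Constructed sample message; 203.0.113.7 is a documentation-range address.
SAMPLE = """\
Subject: Site error
Content-Type: text/html; charset="utf-8"

<p><a href="http://203.0.113.7/wp-login.php">Log in</a> to fix the error,
or read <a href="https://example.org/help">the docs</a>.</p>
"""

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_urls(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    collector = HrefCollector()
    for part in msg.walk():  # every MIME part, nested or not
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.hrefs

def classify(url):
    """Return the indicators from the list above that this URL matches."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed host such as an unbalanced "["
        return ["unparseable-url"]
    reasons = []
    with suppress(ValueError):  # ip_address() rejects ordinary domain names
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("ip-literal-host")
    if any(hint in parts.path.lower() for hint in LOGIN_HINTS):
        reasons.append("login-page")
    return reasons

def phishing_indicators(raw_message):
    return {u: classify(u) for u in extract_urls(raw_message) if classify(u)}
```

Calling `phishing_indicators(SAMPLE)` reports only the IP-address login link. Hosts written as a single integer or in hex are not recognised by `ipaddress.ip_address` and would need a separate check.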