I can confirm this, I just received this email while checking my mail at school. I was slightly confused by the email since it claimed that a payment of $400 was rejected, which is actually the exact amount I am getting paid for a job I did recently. But then I hovered over the links and noticed that they were actually the url you’ve posted.
Took me a while to find this thread since I’m assuming this scam is new, judging by the fact that this was started 13 minutes ago.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
I just want to report an online banking scam which is using wordpress for its theme.
That’s horrible and it really sucks when people do that. Unfortunately there’s not anything anyone here can do about it. WordPress.ORG is an open source project that provides the software and can’t enforce or tell people how it’s used.
If you’d like, you can identify that site’s host provider and report that site to the host.
http://www.whoishostingthis.com/
Which looks like it’s being hosted by China Telecom Shanghai. Aside from that there’s not much more info that I can provide.
WordPress.ORG is an open source project that provides the software and can’t enforce or tell people how it’s used.
In my opinion an exception should be made in circumstances like this. WordPress should update their license agreements
It would be great to think that through wordpress we could do something about these scammers.
Unfortunately, there’s nothing anyone at WordPress can do. Often it’s a case of an insecure site or server that’s been compromised (regardless of the platform) by a third party – and very possibly without the knowledge of the site owner or admin. Bringing it to the attention of the site admin or the hosting company is sometimes enough to prompt action.
Probably the best you can do is run the whois info and report the suspected abuse to the admin contact listed in the information, or to the hosting company itself. Sometimes a clear violation of a hosts TOS will prompt them to get involved.
whoops! I’m a bit slow today … what Jan said 🙂
Thread Starter
gayle1
(@gayle1)
Hmm, a bit complicated. I have found that it is hosted by China Telecom Shanghai, but after a few links here and there it is proving too difficult to find a way to contact them online.
Anyway, I just hope this is a timely warning for all concerned.
That could have been disastrous Zombiekiller. Fortunately, I don’t even have a Westpac bank account, nor am I expecting any contact with the ATO; so it was immediately suspicious to me.
Thanks everyone. We will just have to leave it to Westpac themselves.
What Provider is this used on?
Thread Starter
gayle1
(@gayle1)
The email return address is [ email redacted ] but of course that goes nowhere so I am not sure who the provider is. I would say it is being emailed directly from the website I mentioned in the first post. Or are you asking who the provider is of the recipients? Do you think we have a leak in the addresses on our providers? Perhaps I will also report it to my provider; and to Trend Micro. Can never go too far in nabbing these scammers. I love the internet community, forums of like-minded people etc. These scammers are rotten smelly apples in the barrel.
Here is the e-mail contact from the WhoIs: [ email redacted ],
and here is the source of the script: http://atamannakliyat.com/
http://www.whois.com/whois/atamannakliyat.com
[ email redacted ]
Send an e-mail to each of all of those since it is difficult to believe that company knows its site is being used in that way.
Edit: I just sent a link to this thread to all three and none of them bounced back at me.
Thread Starter
gayle1
(@gayle1)
Thanks leejosepho. I didn’t think to do that as I presumed they would know. But as you say, they might be as much the victim here. I will let them know.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Side note: They’re scammers and while I do hope a house lands on them (bonus points for any flying monkey references) please do not post email addresses in these forums.
*Drinks coffee*
Got it, and please forgive me there.
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
You have been removed from Santa’s naughty list.
Many thanks! I actually did already know better than to post an e-mail address, but I failed to stop and think long enough to realize that policy does not distinguish encoded
from “hot”.