WordPress being used in scam

  • Resolved gayle1

    (@gayle1)


    Hi everyone. This is not really a request for features. I just want to report an online banking scam which is using WordPress for its theme. I guess there is nothing that can be done about it, but I wonder if WordPress themselves can have a say.
    I have forwarded the scam email to Westpac (bank in Australia) for their investigation.
    This is the address of the site being used (and where unsuspecting, unobservant people will end up and insert their banking login) http://www.androm.cn/wp-content//themes/index.php
    It would be great to think that through WordPress we could do something about these scammers. WordPress is fantastic with what it offers to the public who perhaps cannot afford professionals to build their sites; it is shocking to see someone like this taking advantage of WordPress’ generosity.

Viewing 14 replies - 1 through 14 (of 14 total)
  • I can confirm this, I just received this email while checking my mail at school. I was slightly confused by the email since it claimed that a payment of $400 was rejected, which is actually the exact amount I am getting paid for a job I did recently. But then I hovered over the links and noticed that they were actually the URL you’ve posted.

    Took me a while to find this thread since I’m assuming this scam is new, judging by the fact that this was started 13 minutes ago.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I just want to report an online banking scam which is using WordPress for its theme.

    That’s horrible and it really sucks when people do that. Unfortunately there’s not anything anyone here can do about it. WordPress.ORG is an open source project that provides the software and can’t enforce or tell people how it’s used.

    If you’d like, you can identify that site’s host provider and report that site to the host.

    http://www.whoishostingthis.com/

    Which looks like it’s being hosted by China Telecom Shanghai. Aside from that there’s not much more info that I can provide.

    WordPress.ORG is an open source project that provides the software and can’t enforce or tell people how it’s used.

    In my opinion an exception should be made in circumstances like this. WordPress should update their license agreements.

    It would be great to think that through WordPress we could do something about these scammers.

    Unfortunately, there’s nothing anyone at WordPress can do. Often it’s a case of an insecure site or server that’s been compromised (regardless of the platform) by a third party – and very possibly without the knowledge of the site owner or admin. Bringing it to the attention of the site admin or the hosting company is sometimes enough to prompt action.

    Probably the best you can do is run the whois info and report the suspected abuse to the admin contact listed in the information, or to the hosting company itself. Sometimes a clear violation of a host’s TOS will prompt them to get involved.

    whoops! I’m a bit slow today … what Jan said 🙂

    Thread Starter gayle1

    (@gayle1)

    Hmm, a bit complicated. I have found that it is hosted by China Telecom Shanghai, but after a few links here and there it is proving too difficult to find a way to contact them online.
    Anyway, I just hope this is a timely warning for all concerned.
    That could have been disastrous, Zombiekiller. Fortunately, I don’t even have a Westpac bank account, nor am I expecting any contact with the ATO; so it was immediately suspicious to me.
    Thanks everyone. We will just have to leave it to Westpac themselves.

    What Provider is this used on?

    Thread Starter gayle1

    (@gayle1)

    The email return address is [ email redacted ] but of course that goes nowhere so I am not sure who the provider is. I would say it is being emailed directly from the website I mentioned in the first post. Or are you asking who the provider is of the recipients? Do you think we have a leak in the addresses on our providers? Perhaps I will also report it to my provider; and to Trend Micro. Can never go too far in nabbing these scammers. I love the internet community, forums of like-minded people etc. These scammers are rotten smelly apples in the barrel.

    Here is the e-mail contact from the WhoIs: [ email redacted ],
    and here is the source of the script: http://atamannakliyat.com/
    http://www.whois.com/whois/atamannakliyat.com
    [ email redacted ]

    Send an e-mail to each of those since it is difficult to believe that company knows its site is being used in that way.

    Edit: I just sent a link to this thread to all three and none of them bounced back at me.

    Thread Starter gayle1

    (@gayle1)

    Thanks leejosepho. I didn’t think to do that as I presumed they would know. But as you say, they might be as much the victim here. I will let them know.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Side note: They’re scammers and while I do hope a house lands on them (bonus points for any flying monkey references) please do not post email addresses in these forums.

    *Drinks coffee*

    Got it, and please forgive me there.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    You have been removed from Santa’s naughty list.

    Many thanks! I actually did already know better than to post an e-mail address, but I failed to stop and think long enough to realize that policy does not distinguish encoded from “hot”.
