"WordPress Hack" spam has been big lately. This is an old spammer trick, taking advantage of a WordPress exploit. But due to the size of this campaign, we wanted to make sure you know how to avoid being duped in case your antispam program is unable to keep up with it.
How WordPress Hack Spam Works
Here's how it works. WordPress is a very popular content management system that is used to create websites, blogs, etc. Like many other systems, it is susceptible to "exploits", where people take advantage of some vulnerability in its code to make it do what they want.
In the case of email spam, the scammer usually hacks into someone's WordPress installation and installs or replaces a file there. The file itself doesn't do anything malicious (like download a virus). Instead, it redirects anyone who browses to that page to the spammer's website somewhere else on the Internet.
This is a popular technique because antispam programs that block based on "click-me" links to known spam websites would filter out the email if the link went directly to the spammer's page. So, the spammer uses a link to a website that looks neutral, which then redirects the user to somewhere dangerous.
Easy to Spot
This type of spam is easy to identify. If you hover over the link in your browser, you'll probably see that it points to a web page with "WP-Admin", or something like that, in the pathname. No legitimate email would contain such a link, because there is almost no reason most people would need to go to a page like that.
Even though this is easy for humans to identify, antispam programs that don't filter based on patterns and don't have live threat analysts will probably take a while to recognize this campaign. Our usual advice applies. NEVER click on a link in an email, especially if it's an email you're not expecting.
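The check described above (a link whose path contains "WP-Admin" or a similar WordPress directory) can be automated over the HTML part of a message. The following Python is an added example, not part of the original article or of any SpamStopsHere filter; the function names, the extra directory names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# "wp-admin" is the marker the article names; the other two are standard
# WordPress directories, included here as an assumption.
WP_DIRS = {"wp-admin", "wp-content", "wp-includes"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. the real link target."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())

def is_wp_internal(url):
    """True if any path segment is a WordPress internal directory."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # Decode %-escapes and ignore case so "WP-Admin" or "wp%2Dadmin" match.
    segments = unquote(parts.path).lower().split("/")
    return any(seg in WP_DIRS for seg in segments)

def suspicious_links(raw_message):
    """Return links in the HTML parts of an email that hit WP_DIRS."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return [url for url in collector.links if is_wp_internal(url)]

# Constructed sample message (not real spam).
SAMPLE = """\
From: sender@example.com
Subject: Your invoice
Content-Type: text/html; charset="utf-8"

<a href="http://blog.example.net/WP-Admin/css/view.php">View invoice</a>
<a href="https://www.example.com/about">About us</a>
<a href="http://shop.example.net/wp%2Dcontent/uploads/x.html">Track order</a>
"""
if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

Matching whole path segments avoids flagging ordinary pages that merely mention the words, such as a blog post titled "my-wp-admin-guide". Treat a match as a signal for scoring or review, since a WordPress site also sends its own administrators notification mail that links into wp-admin.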
We employ 24/7/365 threat analysts who constantly update our database to keep up with new threats. They can identify such spam very quickly and block it. Then, any future emails using that hacked page will also be blocked.
Our threat analysts have seen and blocked an enormous amount of WordPress spam in the last few weeks, protecting customers from untold danger. Instead of relying solely on "click-me" links or Bayesian heuristics, we have additional filters to ensure that sophisticated spam campaigns don't get through. That includes what we call "phrase" filters, which block based on complete phrases that we know would never occur in legitimate email.
It also includes "pattern" filtering that knows the tricks spammers use to try to fool antispam programs. That's what we used to block this campaign. As soon as we see a new WordPress hack spam, we add it to our pattern database and block future occurrences. The only way to do that is with a 24/7/365 live threat review team, like we've got.
For More Info
SpamStopsHere works differently from other anti-spam programs. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer than 1 out of 100,000 good emails, which is why businesses and professionals love our service.
Our spam review team, along with our proprietary Spamalyzer 3.0, analyzes and blocks email threats for our customers 24/7/365. That's a claim almost no other antispam provider can make.
The "WordPress" name is owned by the WordPress Foundation. This article is for informational purposes. Nothing in this article is meant to suggest an affiliation with or endorsement by the WordPress Foundation or the WordPress open source project.