Back in November 20025, I published a post, ‘The Latest Blogging and Publishing Scams You Need to Be Aware Of Now,‘ which outlined a number of scams aimed at bloggers, writers, and authors.
This week, I received an email that appeared to be from WordPress, but which raised my suspicions.
Firstly, I was fortunate that my email system identified the message as spam and moved it to my spam folder. However, it made me consider other WordPress bloggers who might have received or will receive the email, but whose antivirus or email security software does not recognise it as spam or a scam.
Here are two images of the email’s contents. I’ve highlighted some areas which I encourage you all to check before clicking on any link and risking becoming a victim of a scammer.
The image above may seem fine, but one clue indicates it’s not a genuine WordPress email. What is that clue?
- Not being addressed by name in any company email is a strong clue that the email is not genuine.
- The scammer simply said ‘Hello,’ which is a tactic used because addressing everyone by name is too time-consuming.
- Scammers send these emails to thousands of recipients hoping that some will respond.
- All the scammer needs is for one person to click the link to obtain login and username details.
- Once they have that information, they can lock you out of your blog and wreak havoc.
- Scammers are often more interested in obtaining any credit or debit card details you have on your account. If they obtain those details, they could go on a spending spree.
Here’s the next image.
- The scammer couldn’t even get the correct format for ‘WordPress’.
- The ‘P’ in ‘WordPress’ is always capitalised; the scammer missed this detail.
- The details after the first part of the email don’t match WordPress.
- The email address hidden behind what appears to be a WordPress email does not contain any WordPress information.
I was worried that somewhere out there, a scammer either has a list of email addresses for WordPress bloggers or has taken a chance, sending emails to addresses on a list, probably from the dark web. This email did not go to my private email address, but to the email address I use for my blog. I hate to think of my email address on a scammers’ list anywhere, but unfortunately, it can happen.
I contacted WordPress regarding the scam email, and they requested me to forward it so they could investigate.
If you receive a suspicious email from WordPress, the best way to report it is to forward it to phishing@automattic.com so their security team can investigate and act against the scammers.
As a quick tip:
- Legitimate WordPress.com emails always come from @wordpress.com or @automattic.com addresses. Note that any mention of WordPress before the ‘@’ will be the correct format of WordPress.
- They will never ask for passwords or payment info via email or a text message.
In the unlikely event that you click on any links or enter any information from a scam email that claims to be from WordPress, change your WordPress.com password as a precaution by visiting your ‘Profile‘ settings and selecting the ‘Security‘ tab.
If you are not sure or are suspicious of any email, always contact the company the email claims to be from before clicking any links or providing any information.
Summary:
- Always be aware of suspicious emails, not just from WordPress but from any company, especially if they include links and do not address you by name.
- Look for spelling mistakes, especially in the sender’s email address.
- Send any suspicious emails to the company they claim to come from. All reputable companies will have a dedicated email address for scam emails.
- Companies will never ask you for your passwords or payment information in an email or text message.
- If you click any suspicious links, change your password immediately.
Have you ever received a suspicious email claiming to be from WordPress or another service? What was your initial reaction? What steps do you take to verify the authenticity of an email before clicking on any links? Can you share any personal experiences with online scams you have encountered?
The featured image on this blog post is sourced from Pixabay. AI reviewed spelling and grammar errors.
You can follow me at the following sites.
Copyright @ 2026 hughsviewsandnews.com – All rights reserved.
Discover more from Hugh's Views & News
Subscribe to get the latest posts sent to your email.
Hugh's Views & News 
more shenanigans! Thank you for informing us.
You’re welcome.
Hi Hugh, I have not received an email like this from WP, but I keep receiving spam about my photos and videos being deleted, and giving me a link to click to update my info, it is incredible the lengths the spammers go to isn’t it? But thank god I’m tech savey, I know its a scam, I feel so bad for anyone whose caught by them and out thousands of pounds or euros or dollars!
Scammers will go to whatever lengths they can to get your money, Carol Anne. Good to hear you know what to look for when these scam emails arrive.
People do become victims of these scammers, usually because the email creates a sense of urgency and urges them to act immediately, rather than think it through first.
Thank you so much for this posting, Hugh! I haven’t received one (yet), but now I will be on high alert! Cher xoxoxo
You’re welcome, Cher. If you receive the scam email, I hope it goes straight to your spam folder.
Thanks, Hugh! I’ll be on the lookout! Cher xoxoxo P.S. There is an email coming your way very soon!
Wow, Thanks so much Hugh for this great Warning on how to avoid the hell of being scammed!!!
Chuck 😁✨👌👍
You’re welcome, Chuck. I always have my readers’ interests in mind, so this was a ‘must’ post.
And we are always so very grateful for everything you do, My Friend!!
😁🎁✨👍
Thanks, Hugh! I received such an email. I noticed the sender’s email. I went to my WordPress account and checked things. I deleted the email. It’s important to always be on alert for these scams. Have a good day!
It is, Betty. I’m glad to hear you spotted it as a scam. These scammers will do whatever they can to fool us all.
Thank you for the warning, Hugh. I have received many emails from scammers, but I’ve never received one mocking WordPress. I noticed the email address shows WordPress Inc., which there is no WordPress Inc; it’s .com or .org, and of course, the lower case “p” is a dead give away.
I don’t use WordPress email, and I pay for my email my main email service (Proton). Gmail, and Yahoo email services are frequently breached. Also, scammers will send bad links on cell phones, and I ignore and delete them. The scammers are getting smarter by the day, and we have to remain vigilant.
This was the second scam email I have received mentioning WordPress, Eugi. It seems other WordPress bloggers have also received it, so I think it’s a fairly new scam targeting WordPress users. I can’t recall ever receiving anything claiming to have come from WordPress that was from a scammer before late last year.
I don’t use the email service WordPress offers, but I do have a separate email account for my blog, and that’s where this scam email was sent. Fortunately, the email service provider marked it as spam and sent it straight to my spam folder. Even if it hadn’t been marked as spam, I’d have spotted the clues and marked it as spam. I hope nobody falls for the scam if they get the email.
Good for you for being so observant, Hugh, and thank you for sharing your experience.
I haven’t seen this yet, but I’ll be on the lookout now. With all the scams out there, I’ve become quite skeptical, which has led to sometimes finding that what sounds like a scam is actually legitimate. The lesson is to always double and triple-check before doing anything hastily.
You are correct, Pete. Scammers want to alarm us so much that we panic and act immediately, rather than step back and think about the contents of the email they send. I would much rather do all the checks first, even for legitimate emails.
I also received one like this and immediately deleted it. Thanks for the heads up, Hugh!
I thought the email was doing the rounds. I wonder how the scammer(s) got all our email addresses?
That’s a very good question.
It’s a sad reflection on how going about normal activities requires us to be constantly alert to those trying to spoil things for us. Thankfully there are a lot of people working just as hard to protect us from them.
Very true, Paul. My email security software identified the email I got as spam and sent it straight to the spam folder. The folks at WordPress were also very helpful. And I’ve seen a dramatic drop in spam in the comments section of my blog, thanks to the folks behind the scenes at WordPress who keep us safe.
Yes, I’ve noticed a drop, too.
A very dramatic drop too.
Thank you for sharing this, Hugh. Already through work, I am highly alerted not to open suspicious e-mails or even click on any links. My first check is always the sender address. That already unmasks most of fraudulent e-Mails.
You’re right about the email addresses, Erika. When I clicked the small triangle next to ‘WordPress Inc’ in the email I got, it revealed even more on how much of a scam the email was.
Thank God, there are still signs we can reveal scams.
I’m very vigilant about scam emails. I’m suspicious of everything. Even better than the generic “hello” is “Hello ”. Spelling and grammar errors are also a dead giveaway, as are distorted or low quality company logos.
For emails that reference billing problems that I think may be legitimate, I always sign in to my account directly (not using the link in the email) to verify.
Contacting the company directly via a new email or phone is a good idea when you’re not entirely sure about an email they have sent you. I’ve done it when getting scam calls claiming to be from my credit card provider. I always hang up, wait for at least 20 minutes and then call them back using the phone number on the back of my card. Fortunately, the introduction of AI software on my phone seems to have stopped all the scam calls. But AI is helping scam emails look more convincing.
That’s what I tell my 93-year-old mum. Don’t fall for it. If you have questions, call your bank. Luckily, she’s very wise and screens her calls and just hangs up on people. 😂
Good to hear, Michelle. When I used to visit my 95-year-old aunt before she passed away in 2022, her landline phone was always ringing. She’d always say ‘not today, thank you,’ and hang up if they didn’t address her by name first.
A great warning, Hugh, and timely, as my annual payment to WordPress is looming. The wrong email address is a big giveaway.
One thing I do to really make sure is to read the email in question on my computer, rather than on my phone. The phone’s small screen and potential added distractions can be a recipe for a mistake, which is what scammers are hoping for…an immediate, emotional response. Thanks for the reminder to be consistently diligent.
Thankfully, I read the majority of my emails on my computer rather than on my phone, Terri. If I do read any on my phone, I never respond until I’m in front of my computer.
These scammers want to alarm you and make you panic, hoping that you’ll take action immediately. That’s why it’s recommended to always take a step back and think before you act. And if still in doubt, show the email to someone else and ask for their advice, or contact the company directly via a new email or by phone.
Thanks for the reminder. Scammers bet you will act before you think.
You’re correct. They try to alarm you into acting immediately, rather than stepping back and thinking it through.
I have received several emails of the kind you describe in your post. I didn’t click on any of the links as the email address was clearly not one belonging to WordPress. In addition, the link clearly was not going to a WordPress site.
I have received other emails praising my book and offering to promote it on my behalf. However, the message pertained to another K Morris and did not concern any book I had written!
Thank you for warning WordPress users of the scams doing the rounds.
Kevin
I was tempted to click the link to see where it went, Kevin. I wanted to see if the scammer had built a mock WordPress site. But I decided against it, given that I spotted the clues that the mail was a scam.
I see and hear about many book scams. I get the same from scammers who contact me, praise my blog, ask if they can write a guest post, and say they read and love all my posts, yet I’ve never had any comments on any of my posts from them. The scams all follow the same wording and layout. I have responded to some saying I charge £1,000 per guest post. I never hear from them again.
Thanks, Hugh. I got taken by a website that said I owed x amount of money from a stretch of highway near here where you have to pay. My husband pointed out that we have an account that automatically paid for this. I pride myself on sniffing out scams but I got caught.
I appreciate your keeping us up to date!
Sorry to hear you got caught out by the scammer. If ever unsure, always ask somebody else before paying. A fresh pair of eyes on a scam often helps avoid being scammed.
thanks of the warning
No need to thank me, Beth. I enjoy sharing this important information with readers.
Thank you for highlighting this, Hugh. I received an email like that just a few days ago. It went into my spam, but because I wasn’t addressed personally, it made me suspicious. But you have to look carefully for these things.
Glad to hear your email security system identified it as spam and put it in the spam folder, Esther. Not addressing the recipient by name is always a big giveaway that it’s likely a scam.
Thanks for this. Also the not capital p is a dead giveaway. By making that slight mistake they can avoid being sued by the federal government. 🤣😎🙃
I don’t think these scammers worry about getting caught, especially as they can now often remove all evidence if they believe the authorities are moving in fast.
Wow. Scammers and spammers are getting smarter and sneakier by the day. That first image doesn’t look suspicious at all. The last few months, I have received tons of scamming emails about my book being used in book clubs and so on.
More stressful, however, was a phone call we received from the “Portuguese airline” this past Friday, which we had just changed our flight with because our original one (last night) had been cancelled due to severe weather. This person claimed we owed a change fee (which we didn’t) and threatened to cancel our reservation for a refund if we didn’t pay. He was very insistent and adamant and wasted half an hour of our time, energy, and nerves. He had access to our booking via the booking number and our names, which worried us, even after this call.
Many calls to the real TAP customer service proved this was a scam. More calls put extra security in place so the scammer couldn’t mess with our booking (the plane is full, so we didn’t want to lose our tickets). This event made our already stressful days even worse. Anyway, we are still stuck in Newburyport and hope to leave for Europe on Tuesday.
I’ve heard and read about many bookclub scams, Liesbet. They seem to have become very common over the last years.
That is very concerning how that scammer got your phone number and names. Does that mean that the airlines website is not secure enough? Or was he somebody that had access to their system as an employee? Or maybe an employee sent him a list of passenger information and got paid for it? I can understand how stressful getting this call must have been. Another sign of a scammer is when they become too insistent and adamant.
Have a good flight tomorrow. I look forward to reading all about it.
Thanks, Hugh. We are nervous about that flight. It’s still snowing here and we just know this trip will be stressful and uncomfortable due to our original flight having been cancelled.
We think the scammer received this information from an airline employee (TAP Portugal) and we have reported all this to an agent we trusted. When you look at airline websites, all you usually need is someone’s booking code and name, to access the reservation and make changes – or cancel – it. The scammer had that information for us…
So, no, most airline websites are not very secure, which we learned the hard way. The security they put in place for our situation was the need for a code sent by email, before being able to change the reservation online. And, we provided them with a code for potential changes over the phone as well. We felt better after learning about these extra security measures.
That’s a frightening thought about how insecure their websites are, Liesbet. Two-step authentication is a feature WordPress offers and is a great idea for many websites. I’m glad to hear the airline offered you a code via email as an extra layer of security.
Your story reminded me of a time (many years ago) when I got a call from my bank asking if I had ordered a new debit card and whether I was at my bank branch to collect it. I wasn’t, so they stopped the card from being handed over. On investigation, they found that an employee was working with someone outside the bank to obtain debit cards. That employee had access to thousands of people’s bank details.
Wow. That’s a crazy story, Hugh. I’m glad your bank called you to double check!