Tag: Safety Tips

An image of the letter W in lots of blue badges.

Reasons to Act Immediately If You Receive This WordPress Email

Published on by Hugh W. Roberts14 Comments

Back in November 20025, I published a post, ‘The Latest Blogging and Publishing Scams You Need to Be Aware Of Now,‘ which outlined a number of scams aimed at bloggers, writers, and authors.

This week, I received an email that appeared to be from WordPress, but which raised my suspicions.

Firstly, I was fortunate that my email system identified the message as spam and moved it to my spam folder. However, it made me consider other WordPress bloggers who might have received or will receive the email, but whose antivirus or email security software does not recognise it as spam or a scam.

Here are two images of the email’s contents. I’ve highlighted some areas which I encourage you all to check before clicking on any link and risking becoming a victim of a scammer.

An image of a scam email that appears to be from WordPress about a problem with a WordPress account. There is a button to click to access the WordPress account's billing centre.
An image of a scam WordPress email

The image above may seem fine, but one clue indicates it’s not a genuine WordPress email. What is that clue?

  • Not being addressed by name in any company email is a strong clue that the email is not genuine.
  • The scammer simply said ‘Hello,’ which is a tactic used because addressing everyone by name is too time-consuming.
  • Scammers send these emails to thousands of recipients hoping that some will respond.
  • All the scammer needs is for one person to click the link to obtain login and username details.
  • Once they have that information, they can lock you out of your blog and wreak havoc.
  • Scammers are often more interested in obtaining any credit or debit card details you have on your account. If they obtain those details, they could go on a spending spree.

Here’s the next image.

An image of the email details from a scammer pretending to be WordPress. The email address has been sent from a completely different email to that of WordPress
Look for the clues when suspicious of emails
  • The scammer couldn’t even get the correct format for ‘WordPress’.
  • The ‘P’ in ‘WordPress’ is always capitalised; the scammer missed this detail.
  • The details after the first part of the email don’t match WordPress.
  • The email address hidden behind what appears to be a WordPress email does not contain any WordPress information.

I was worried that somewhere out there, a scammer either has a list of email addresses for WordPress bloggers or has taken a chance, sending emails to addresses on a list, probably from the dark web. This email did not go to my private email address, but to the email address I use for my blog. I hate to think of my email address on a scammers’ list anywhere, but unfortunately, it can happen.

I contacted WordPress regarding the scam email, and they requested me to forward it so they could investigate.

If you receive a suspicious email from WordPress, the best way to report it is to forward it to phishing@automattic.com so their security team can investigate and act against the scammers.

As a quick tip:

  • Legitimate WordPress.com emails always come from @wordpress.com or @automattic.com addresses. Note that any mention of WordPress before the ‘@’ will be the correct format of WordPress.
  • They will never ask for passwords or payment info via email or a text message.

In the unlikely event that you click on any links or enter any information from a scam email that claims to be from WordPress, change your WordPress.com password as a precaution by visiting your ‘Profile‘ settings and selecting the ‘Security‘ tab.

If you are not sure or are suspicious of any email, always contact the company the email claims to be from before clicking any links or providing any information.

Summary:

  • Always be aware of suspicious emails, not just from WordPress but from any company, especially if they include links and do not address you by name.
  • Look for spelling mistakes, especially in the sender’s email address.
  • Send any suspicious emails to the company they claim to come from. All reputable companies will have a dedicated email address for scam emails.
  • Companies will never ask you for your passwords or payment information in an email or text message.
  • If you click any suspicious links, change your password immediately.

Have you ever received a suspicious email claiming to be from WordPress or another service? What was your initial reaction? What steps do you take to verify the authenticity of an email before clicking on any links? Can you share any personal experiences with online scams you have encountered?

The featured image on this blog post is sourced from Pixabay. AI reviewed spelling and grammar errors.

You can follow me at the following sites.

Copyright @ 2026 hughsviewsandnews.com – All rights reserved.