This is just a quick PSA to anyone who has a registered domain name, especially through WordPress. I just got a phishing scam email disguised to look like it came from WordPress positing that my contact information used to register for my domain might be wrong and that it’s illegal to use false information.
Basically the idea is to scare you into giving your information.
What tipped me off was that it showed up in the wrong folder, so I immediately checked the email details. Anyone who’s hosted their own website (not through a service like WordPress) would easily see the problem with the email address it came from, help@Wordpress.sawbuck.com. For those not familiar, ignore the first part (help@) it’s just used to distinguish email addresses that are going to the same place, like email@example.com vs firstname.lastname@example.org. (Please let that second one not be real.) The second part is a subdomain and could also be written sawbuck.com/Wordpress, which is clearly NOT from WordPress.com.
Had I not noticed it coming from the wrong address I likely would have gone further, clicking on a link. It wasn’t targeting me, it was targeting the domain to get to me. And I just wasn’t as prepared for that as I am for the fake winner scams or the Nigerian Princes looking to give away their money.
Anyway, I just wanted everyone to know since this felt unusually targeted and it’s not the sort of thing I’ve encountered a lot before. Although similar tactics are used on Facebook a lot for all the fake giveaway pages. (Always check for extra punctuation.)