Secure DNS Scam (DNSSEC) Targets WordPress Bloggers

by   |  Last Update:  |  0 Comments  

On This Page: [hide]

  1. DNS Scam Targeting WordPress Bloggers

According to Sophos cybersecurity researchers, a new scam targeted at WordPress bloggers is currently circling the web. Over the weekend, the researchers received a well-crafted scam message that looked more convincing than many other scams out there.

DNS Scam Targeting WordPress Bloggers

Wordpress logo imageThe message pretended to come from WordPress itself, claiming that DNS security features would soon be added for their domain.

Here’s an excerpt from the fake email message that Sophos received:

From: WordPress
Subject: nakedsecurity.sophos.com DNS Update
We’re upgrading your domain DNS for something even better, freely!
We care about your privacy and the protection of your domains, so we will soon be upgrading them, from basic Domain Name System (DNS) to Domain Name System Security Extensions (DNSSEC).

And here’s an actual screenshot of the scam message’s contents:
sophos email scam prevention image
Image Source: nakedsecurity.sophos.com

Most users today are aware that DNS stands from the domain name system, the globally distributed databases that turns server names into network numbers. In fact, as pointed out by the security experts, DNSSEC which is mentioned in the message (see above) does exist. It is a protocol that adds authentication to DNS data transfers with the idea to prevent cybercriminals from filling the DNS database with fake entries that hijack web traffic.

Also Read DNS Propagation – What Is It and How It Works

DNSSEC means domain name system security extensions, and it has been available for more than 20 years. However, since DNSSEC is usually a feature used by service providers to help sustain their own DNS databases, most bloggers and website owners most likely have never set it up by themselves. This means that receiving this message could most likely trick bloggers into believing it’s authentic, which could lead recipients into revealing sensitive information, which is what usually scammers are after.

Any data you enter here goes straight to the crooks, and if you don’t have two-factor authentication enabled on your account, the crooks may very well be able to log on to your website or blog right away and take it over completely, Sophos warns.

What can WordPress bloggers like you do to protect themselves?

Here are a couple of simple but useful tips:

  • Don’t reveal your login credentials via links you received in unexpected emails. Usually, most companies and services don’t support this practice and would find a more appropriate way to inform you about any changes that concern you.
  • Use two-factor authentication to increase your account’s security.

Follow us for more useful WordPress and web hosting news.

Researched and written by:
HowToHosting Editors
HowToHosting.guide provides expertise and insight into the process of creating blogs and websites, finding the right hosting provider, and everything that comes in-between. Read more...

No related posts.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree
At HowToHosting.Guide, we offer transparent web hosting reviews, ensuring independence from external influences. Our evaluations are unbiased as we apply strict and consistent standards to all reviews.
While we may earn affiliate commissions from some of the companies featured, these commissions do not compromise the integrity of our reviews or influence our rankings.
The affiliate earnings contribute to covering account acquisition, testing expenses, maintenance, and development of our website and internal systems.
Trust howtohosting.guide for reliable hosting insights and sincerity.