Scammers have always been busy, but man did they pick up the pace with the dawn of AI. I recently learned of a phishing scam from a fake website “Choice Organic Products”. They seem to be targeting freelance web developers and I’m sure agencies wouldn’t be off limits either. If you get a contact form submission from them on your website, just ignore it. But, since it’s a classic example of a phishing scam, I’ll explain how it works in a bit more detail.
First, you’ll receive a contact form submission. After you respond, they will email you a pdf with the work they’re trying to have done and a link to their website. This was the first red flag to me because the scope of work was highly technical and related to WordPress. Object caching, performance plugins, etc. However, the website was just a “coming soon” landing page, and it is not built with WordPress. At this point, it’s pretty obvious that it’s a scam and the conversation can end here.
However, if you were to continue interacting with the scammer, they would send you a link to another page where they’d want you to log in with your Google credentials to gain access to their WP Engine account. This page, of course, is fake and will steal your credentials and they would instead gain access to your Google account. In reality, if a real client wanted to invite you to their WP Engine account they’d send you an invite from WP Engine itself.
This is a pretty classic example of a phishing scam so I just wanted to share it. At the end of the day, if anyone sends you an unfamiliar link that’s prompting you to log in with specific credentials… chances are it’s a scam. Stay vigilant y’all.
