{"id":16666,"date":"2025-04-24T18:17:20","date_gmt":"2025-04-24T18:17:20","guid":{"rendered":"https:\/\/rapyd.cloud\/blog\/?p=16666"},"modified":"2025-04-28T07:44:27","modified_gmt":"2025-04-28T07:44:27","slug":"phishing-campaign-targeting-woocommerce-stores","status":"publish","type":"post","link":"https:\/\/rapyd.cloud\/blog\/phishing-campaign-targeting-woocommerce-stores\/","title":{"rendered":"Heads Up: Phishing Campaign Targeting WooCommerce Stores"},"content":{"rendered":"\n<p>If you run a WooCommerce store, this is worth your attention. WooCommerce has issued a\u00a0developer advisory\u00a0about a new phishing campaign that\u2019s targeting store owners with fake security alerts.<\/p>\n\n\n\n<p>Here\u2019s a quick breakdown of what\u2019s happening and how you can stay safe.<\/p>\n\n\n\n<h2 id=\"whats-going-on\" class=\"wp-block-heading\">What\u2019s Going On?<\/h2>\n\n\n\n<p>Attackers are sending fake emails pretending to be from WooCommerce. They claim your site has a &#8220;<strong>critical security vulnerability<\/strong>&#8221; discovered around April 14, 2025, and they urge you to install a \u201csecurity patch,\u201d which, of course, is actually malware.<\/p>\n\n\n\n<p>These emails are designed to look convincing, often mentioning your specific store URL to add pressure. 
But they&#8217;re coming from shady domains like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>help@security-woocommerce.com<\/code><\/li>\n\n\n\n<li><code>incident@notify-woocommerce.com<\/code><\/li>\n\n\n\n<li><code>help@support-woocommerce.com<\/code><\/li>\n<\/ul>\n\n\n\n<p><strong>These are not official WooCommerce communications.<\/strong><\/p>\n\n\n\n<p>Additional comments on the official post from WooCommerce shared the following: <br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"337\" src=\"https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833 PM-1024x337.png?wsr\" alt=\"\" class=\"wp-image-16669\" srcset=\"https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-1024x337.png 1024w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-300x99.png 300w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-768x253.png 768w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-380x125.png 380w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-550x181.png 550w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-800x263.png 800w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM-1160x382.png 1160w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112833%20PM.png 1294w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"284\" src=\"https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856 PM-1024x284.png?wsr\" alt=\"\" 
class=\"wp-image-16670\" srcset=\"https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-1024x284.png 1024w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-300x83.png 300w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-768x213.png 768w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-380x106.png 380w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-550x153.png 550w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-800x222.png 800w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM-1160x322.png 1160w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112856%20PM.png 1282w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"312\" src=\"https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919 PM-1024x312.png?wsr\" alt=\"\" class=\"wp-image-16671\" srcset=\"https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-1024x312.png 1024w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-300x91.png 300w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-768x234.png 768w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-380x116.png 380w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-550x168.png 550w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-800x244.png 800w, 
https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM-1160x354.png 1160w, https:\/\/rapyd.cloud\/blog\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-27-at-112919%20PM.png 1286w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In short, many users reported additional malicious domains beyond those initially reported: <\/p>\n\n\n\n<p><code>woocomm\u0117rce.com<\/code>\u00a0(with an accent mark on the \u2018e\u2019)<br><code>noreply@news-woocommerce.com<\/code><br><code>noreply@woocommerce-secure.com<\/code><br><code>security@mail-woocommerce.com<\/code><br><code>security@news-woocommerce.com<\/code><br><code>noreply@woocommerce-monitor.com<\/code><br><code>noreply@woocommerce-updates.com<\/code><\/p>\n\n\n\n<p>Real security updates from WooCommerce always come from trusted domains like\u00a0<code>woocommerce.com<\/code>\u00a0or\u00a0<code>automattic.com<\/code>, and they&#8217;ll direct you to legitimate sources like WordPress.org or WooCommerce.com, never to random downloads.<\/p>\n\n\n\n<h2 id=\"what-you-should-do\" class=\"wp-block-heading\">What You Should Do<\/h2>\n\n\n\n<p>If you spot one of these emails:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Don\u2019t click any links<\/strong>\u00a0or download any files.<\/li>\n\n\n\n<li><strong>Don\u2019t install<\/strong>\u00a0any plugins or patches sent through email.<\/li>\n\n\n\n<li><strong>Report the email<\/strong>\u00a0as phishing to your provider.<\/li>\n<\/ul>\n\n\n\n<p>When in doubt, go directly to your WordPress dashboard or WooCommerce.com for updates, and never trust links inside an email you weren\u2019t expecting.<\/p>\n\n\n\n<p>Read the Dev advisory from WooCommerce <a href=\"https:\/\/developer.woocommerce.com\/2025\/04\/22\/dev-advisory-phishing-campaign-targeting-woocommerce-stores\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">here<\/a>. 
<\/p>\n\n\n\n<h2 id=\"how-rapyd-cloud-helps-keep-you-safe\" class=\"wp-block-heading\">How Rapyd Cloud Helps Keep You Safe<\/h2>\n\n\n\n<p>While we can\u2019t control external phishing campaigns, <a href=\"https:\/\/rapyd.cloud\/managed-security\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Rapyd Cloud<\/a> can help you build a more secure foundation through:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automatic WordPress updates<\/strong>\u00a0so your core software and plugins stay current.<\/li>\n\n\n\n<li><strong>Server-side malware scanning<\/strong>\u00a0to spot suspicious files early.<\/li>\n\n\n\n<li><strong>Daily backups<\/strong>\u00a0that make it easy to recover if something ever goes wrong.<\/li>\n\n\n\n<li><strong>Real human support<\/strong>\u00a0that can help if you\u2019re worried about your site\u2019s security.<\/li>\n<\/ul>\n\n\n\n<p>Your WooCommerce store deserves better than crossing your fingers and hoping hackers stay away.<\/p>\n\n\n\n<p>Stay sharp, and if you ever need help locking down your store, the Rapyd Cloud team has your back.<\/p>\n","protected":false},"excerpt":{"rendered":"If you run a WooCommerce store, this is worth your attention. 
WooCommerce has issued a\u00a0developer advisory\u00a0about a new&hellip;\n","protected":false},"author":15,"featured_media":14369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","om_disable_all_campaigns":false,"_eb_data_table":"","csco_post_fleet_bg_color":"","csco_post_fleet_image_id":14369,"csco_post_fleet_text_color":"","full_width_enabled":false,"csco_singular_sidebar":"","csco_page_header_type":"fleet","csco_header_bg_color":"","csco_appearance_masonry":"","csco_page_load_nextpost":"","csco_post_video_location":[],"csco_post_video_location_hash":"","csco_post_video_url":"","csco_post_video_bg_start_time":0,"csco_post_video_bg_end_time":0,"footnotes":""},"categories":[38],"tags":[301],"class_list":{"0":"post-16666","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-phishing","9":"csco-post-header-type-fleet","10":"cs-entry","11":"cs-video-wrap"},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/posts\/16666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/comments?post=16666"}],"version-history":[{"count":3,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/posts\/16666\/revisions"}],"predecessor-version":[{"id":16674,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/posts\/16666\/revisions\/16674"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/media\/14369"}],"wp:attachment":[{"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/media?parent=16666"}],"wp:term":[{"taxonomy":"category","embeddable":t
rue,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/categories?post=16666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rapyd.cloud\/blog\/wp-json\/wp\/v2\/tags?post=16666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}