Phishing

“Phishing” is a cyberattack that tricks users through fraudulent websites, emails, text messages, phone calls, and other communications. The attacker aims to persuade the user to reveal sensitive information, enter login credentials, or download malware. Phishing is a form of social engineering.

Phishing websites work by creating a fake replica website hosted at a domain which initially appears official. A phishing attack can consist of multiple fake websites that link and redirect between each other. As a protection against a phishing incident, users should always confirm that the domain name of a site is correct and trusted before entering their login credentials.

Phishing incidents create security vulnerabilities for individuals, applications, and organizations. If a user suspects that they are the victim of a phishing attack related to WordPress VIP, contact the Support team immediately. WPVIP’s Support team is trained to support customers in a security incident with efficiency and empathy.

Prevent a phishing incident

Be wary of links in messages even if they are from a known contact. Carefully inspect the domain in links sent in emails, texts, and other messages—even from a from a colleague or known contact—before selecting them. Links can be inspected by hovering over the URL. Be especially wary of any message that creates a sense of urgency, particularly if the next step requires authentication.

Use a password manager. Password managers can perform a check against a website domain before filling in credential details. Password managers allow long, complex, unique passwords to be used without requiring a user to remember them.

Activate multi-factor authentication (MFA) on user accounts whenever possible. MFA is required for VIP Dashboard user accounts, and is strongly recommended for all user accounts.

Use a known, safe way to access websites owned and managed by WordPress VIP. Whenever possible, access a website directly by typing in the full URL (e.g. https://dashboard.wpvip.com/), or by selecting a saved browser bookmark for a trusted URL. Fake domains can be difficult to spot. For example, a fake website with the domain https://dashboar.dwpvip.com instead of the trusted domain https://dashboard.wpvip.com for the VIP Dashboard. Use great caution before submitting login credentials to any site accessed through search engine results, emails, or other messages. Phishing sites sometimes rank highly in search engine results and can often appear credible.

Login portals owned by WordPress VIP

Phishing attempts based on websites and domains owned by WordPress VIP have occurred in the past and will occur again. Before submitting login credentials to a WordPress VIP site, verify that the domain name in the browser address bar matches one listed below.

• Parse.ly dashboard: dash.parsely.com
• VIP Dashboard: dashboard.wpvip.com
• WPVIP Authentication portal: auth.wpvip.com

Report a phishing incident

Known or suspected phishing incidents should be reported immediately so that preventative measures can be put in place to mitigate potential damage.

Stop using the suspicious website or websites immediately. If login credentials were submitted to a fake site (e.g. for a GitHub or WordPress.com user account), log in to the user accounts using a correct and validated URL, and reset the account password. Some services will allow a user to log out of all currently logged-in sessions. Do this if possible.

Submit a WPVIP Support request with the priority marked as Urgent. Share the URL of the suspicious site in the Support request, report the source of the URL (e.g. an email from a colleague, Google search results), and describe the actions taken so far and related concerns. WPVIP’s Support team can assist with resetting login credentials for WordPress user accounts. The team can also advise on next steps to protect additional data and systems.

Create a VIP Support request in Zendesk

1. Log in to the WordPress VIP Zendesk portal at wordpressvip.zendesk.com.
2. Create and submit a Support request with the priority marked as Urgent.

Create a VIP Support request in the WordPress Admin dashboard

As a logged-in user of a site’s WordPress Admin dashboard:

1. Select “VIP” from the left hand navigation menu. 
2. Complete the fields in the form titled “Contact WordPress VIP Support”
3. Set the “Priority” as Urgent.
4. Select the button labeled “Send Request“.