Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Malicious WordPress Plugin Assists in Phishing Attacks

    Catphishing CaseResearchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information. 

    The spoofed pages are designed to steal payment card numbers, expiration dates, CVVs, and billing addresses. The plugin can also intercept one-time passwords generated to secure the transactions.

    The stolen data is immediately sent to the crooks via Telegram as soon as the victim hits “enter” on the phishing page.

    “Attackers can either compromise legitimate WordPress websites or set up fraudulent ones to install it,” SlashNext explains. “After configuring the plugin to mimic a payment gateway, unsuspecting users are lured into entering their payment details.

    The plugin collects this information and sends it directly to attackers, often in real time. PhishWP also uses advanced tricks, like stealing the special OTP sent during a 3D Secure (3DS) check during the checkout process. 3DS is a safety measure that sends a short code to your phone or email to prove that you’re the actual cardholder. By grabbing this code, attackers can pass themselves off as you, making their fake transactions look completely real.”

    The researchers outline the attack flow as follows:

    • Set up on a WordPress site: Attackers either break into a trusted WordPress site or create their own fake one
    • Copy a real payment service: They use PhishWP to make checkout pages look just like a real payment processor (like Stripe), adjusting the design and language so nothing seems off about the branding, fields, or language
    • Lure victims in: Victims arrive at the site through carefully planned phishing emails, social media ads, or sneaky search results. Everything looks normal, so they enter their payment and personal details without a second thought
    • Steal the data: PhishWP scoops up all the sensitive information—credit card numbers, addresses, even special security codes—and instantly sends it to the attacker, often via Telegram
    • Cover the tracks: The victim then receives a fake confirmation email, making them believe their purchase went through. Meanwhile, the attacker uses or sells the stolen info in secret online markets

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    SlashNext has the story.

     

    Return To KnowBe4 Security Blog

    Stop Advanced Phishing Attacks with KnowBe4 Defend

    KnowBe4 Defend takes a new approach to email security by addressing the gaps in M365 and Secure Email Gateways (SEGs). Defend helps you respond to threats quicker, dynamically improve security and stop advanced phishing threats. It reduces admin overhead, enhances detection and engages users to build a stronger security culture.

    BreachSim LogoWith KnowBe4 Defend you can:

    • Reduce risk of data breaches by detecting threats missed by M365 and SEGs
    • Free up admin resources by automating email security tasks
    • Educate users with color-coded banners to turn risks into teachable moments
    • Continuously assess and dynamically adapt security detection reducing admin overhead
    • Leverage live threat intelligence to automate training and simulations

    Request a Demo

    PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

    https://www.knowbe4.com/products/defend-demo

    Topics: Phishing, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews