New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages

Latest News on PhishWP WordPress Plugin Phishing

PhishWP Plugin Overview:
A newly identified WordPress plugin called PhishWP has been used by cybercriminals to create fake payment pages that mimic legitimate services like Stripe, enabling the theft of sensitive financial and personal data [1][2][4]. The plugin is distributed on Russian cybercrime forums and allows attackers to generate convincing payment interfaces that capture credit card details, billing addresses, and one-time passwords (OTPs) from victims [1][2][4].

How PhishWP Operates:
PhishWP works by either compromising existing WordPress sites or creating fraudulent ones to host the plugin. Once installed, it replicates trusted payment gateways, creating fake checkout pages that are nearly indistinguishable from the real thing. The plugin includes features such as:

  • Customizable Payment Pages: Highly customizable checkout pages that mimic legitimate payment processors [1][2][4].
  • 3DS Code Popup: Captures 3D Secure authentication codes in real time, bypassing security measures [1][4].
  • Telegram Integration: Transmits stolen data directly to attackers via Telegram in real time [1][2][4].
  • Browser Profiling: Collects additional metadata like IP addresses, screen resolutions, and user agents [2][4].
  • Deceptive Confirmation Emails: Sends fake confirmation emails to victims with their order details, delaying suspicion and giving attackers more time to exploit the data [1][2][4].

How to Protect Against PhishWP

  1. Advanced Browser-Based Phishing Protection:
    • Use advanced browser-based phishing protection tools that provide real-time threat detection and block malicious URLs across all major browsers [1].
  2. Regular Training and Awareness Programs:
    • Implement regular training programs that include phishing simulations to teach employees to spot and stop attacks before they compromise systems [3].
    • Conduct password management workshops and host secure practices seminars to broaden employees’ understanding of cybersecurity beyond passwords and phishing [3].
  3. Simulated Cyberattacks:
    • Simulate cyberattacks, including phishing simulations, to identify weak spots in your security posture and reinforce training by putting theory into practice [3].
  4. Psychological Insights:
    • Understand the psychological aspects of human behavior to tailor security measures that reduce the likelihood of errors and enhance overall security compliance [3].
  5. Monitor for Suspicious Plugins:
    • Regularly monitor WordPress sites for any compromises or suspicious plugins, especially those that seem too good to be true or offer advanced customization options [2][4].
  6. Verify Payment Pages:
    • Always verify the legitimacy of payment pages by checking for HTTPS and ensuring the URL matches the expected domain of the service being used [1][2][4].
  7. Enable 3DS Code Requests:
    • Enable 3D Secure (3DS) code requests to add an extra layer of security, but be aware that PhishWP can intercept these codes [4].

By combining these measures, organizations can significantly reduce the risk of falling victim to PhishWP and other similar phishing attacks.
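One way to carry out the plugin monitoring in item 5, as an added example that is not code from the original article or from any vendor it cites: the script below compares what is installed under `wp-content/plugins` against an approved list and flags files that reference the Telegram Bot API, the exfiltration channel described above. The function name, file suffix list and approved-slug input are assumptions made for this illustration.

```python
"""Audit a WordPress plugins directory: unapproved plugins and Telegram Bot API references."""
import re
import sys
from pathlib import Path

# Telegram Bot API endpoint prefix. Legitimate notification plugins use it too,
# so a hit means "review this file", not "confirmed malicious".
TELEGRAM_RE = re.compile(rb"api\.telegram\.org/bot", re.IGNORECASE)
SCANNED_SUFFIXES = {".php", ".js", ".inc"}  # assumption: file types worth scanning


def audit_plugins(plugins_dir, approved_slugs):
    """Return (unapproved, telegram_hits) for a wp-content/plugins directory.

    unapproved: sorted plugin entries that are not in approved_slugs.
    telegram_hits: sorted (relative_path, line_number) pairs that reference the Bot API.
    """
    root = Path(plugins_dir)
    # A plugin is a directory or a single top-level .php file; index.php is the stock stub.
    installed = {p.name for p in root.iterdir()
                 if p.is_dir() or (p.suffix == ".php" and p.name != "index.php")}
    unapproved = sorted(installed - set(approved_slugs))

    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCANNED_SUFFIXES:
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the audit
        for lineno, line in enumerate(data.splitlines(), start=1):
            if TELEGRAM_RE.search(line):
                hits.append((path.relative_to(root).as_posix(), lineno))
    return unapproved, sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit_plugins.py PLUGINS_DIR [APPROVED_SLUG ...]")
    unapproved, hits = audit_plugins(sys.argv[1], sys.argv[2:])
    for slug in unapproved:
        print(f"UNAPPROVED PLUGIN: {slug}")
    for rel, lineno in hits:
        print(f"TELEGRAM BOT API REFERENCE: {rel}:{lineno}")
    sys.exit(1 if unapproved or hits else 0)
```

A plain string match misses code that builds or encodes the URL at run time, so treat the unapproved-plugin list as the primary signal and the Telegram hits as a lead for manual review.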