WordPress Email Phishing Scam: Meetup Organizer Takeover

I had just settled in for the night and grabbed my phone to check my email one last time before enjoying some cheese popcorn. I received an email from a colleague. A forwarded email actually. An email coming from someone named caitlin at meetup.com.

It must be official and in regard to our local WordPress Meetup group, I thought. I better open this right away!

The Preface

Now please understand my state of mind. This email came in a day after I read this lengthy and ongoing discussion in the comment thread of an article by Jake Caputo about WordCamps, GPL, and other licensing issues, and perhaps an attempt to limit (or filter) what WordPress developers, power users, or other individuals are allowed to speak at WordCamp events.

The article above is an important discussion that needs to be had in the WordPress Community as a whole.

The Email Contents

It starts with this…

Hello WordPress Local Organizers!

As you know, WordPress is opening up a central account to help support WordPress chapters around the world…

WordPress Meetup Group Scam or Real
WordPress Meetup Group Scam or Real – Click Image to Enlarge and Share

Is It a Scam?

My gut reaction after reading the email was shock Then, after giving myself a minute to process what I was reading and the logic behind it, it just didn’t add up. This can’t be real…is it?

Further Investigation

After some initial Googling, I determined that if I couldn’t easily find a reference to this on the WordPress.org or the other sites I checked then it must be a scam. So I preceded to read the email message again. This time much closer attention to detail.

The Clues

First off, “caitlin”, if you are real please don’t be offended if I should know you, but I don’t.

Secondly, have a look at that url in the email message above. Shady? Perhaps. Unfamiliar to me? Yep.

And third, loading that url in my browser brought me somewhere just as mysterious. The Google Doc shown below. Meetup sends an email to a Google doc for collecting information supposedly needed by WordPress? C’mon dude.

(I did some brief browser security checks and lockdowns before loading the site first. You know. Just in case;)

WordPress Chapters at your Local Meetup?
WordPress Chapters at your Local Meetup? – Click Image to Enlarge and Share

Is This Where it Ends?

Did you receive this email also? I strongly caution you not to submit any info until you know the answer to this mysterious email notification outlined above.

Good or evil, this is something all my fellow WordPress people should know about, especially if you’re a WordPress Meetup Group organizer.

I hope I get confirmation soon. The suspense is killing me.

[note color=”#C3F0AB”]

UPDATE:

Andrew Nacin (WordPress Lead Developer) helped me out immediately after I posted this article on Twitter. He confirmed that this email is legitimate. Read more details about WordPress and Meetup groups designated as official Chapters of WordPress on this page. [/note]

[blackbirdpie url=”http://twitter.com/nacin/status/294281713058734082″]

[note color=”#FFCC00″]If you find this article helpful to the community, please consider sharing a link by using the social sharing methods in our images above when clicked.[/note]