Ann Johnson and the Malware Scam

Recently, we received a completed contact form submission on our website from someone named Ann Johnson. She asked if we could review her website and make some updates, explaining that a previous developer had “left it in disarray.” Requests like this are fairly common, so we followed up to gather more details.


Here’s the email she sent:

“I’m not very familiar with this, since the previous developer didn’t leave any details, so I suggest we don’t waste any time, and I’ll give you access to our WordPress admin panel right away. I’m not asking you to do any work before payment is made; I just want you to take a look at how things are set up internally and draw your own conclusions. The scope of the work may change, since the previous developer left everything in a state of disarray.”

At first glance, this seemed reasonable. She admitted she didn’t fully understand how to fix her website and offered to provide admin access so we could assess the situation. While this can be a positive sign, we remained cautious, as scam attempts through client forms are not uncommon.

After receiving her WordPress login credentials, we attempted to access the site but immediately ran into issues. Each time we entered the username and password, we were redirected back to a blank login page. Assuming it might be a technical glitch, we reached out to Ann for clarification.

That’s when things took a turn.

She responded with the following:

“We’ve encountered this issue before. I’m not sure exactly what’s causing it, but it will need to be resolved if it wasn’t included in the original scope of work. Could you please create a username by signing up through Google? As soon as you send me that username, I’ll create an account for it with full access rights. This method has worked well in the past. Thank you in advance, and I apologize for the inconvenience.”

[Image: a screenshot of a phone]

So we clicked the option on WordPress to “continue with Google account” and got this page (to the left). Looks legit, right? Spoiler alert: it’s not! This is actually a phishing site, designed to mimic a Google login browser. Had we entered our credentials, we would have unknowingly handed over access to our entire Google account.

While this situation raised red flags for us early on, our experience in web development made it easier to spot these tip-offs. To someone who is not as well-versed in the field, this could come across as completely normal. That is why it’s important to look for warning signs when faced with encounters like this. Pay attention to details like unusual email requests, vague project descriptions, subtle typos, a sense of urgency, or reluctance to provide verifiable information.

Additionally, when we investigated further, we learned the domain name for the website was registered the same day Ann emailed us, and the website was a fresh WordPress installation with the default “Hello world!” theme, all of which was alarming. When we tried to contact them through their phone number, we noticed it wasn’t registered to the same state as her address. Details like this point towards unreliability. These scams are becoming more and more common AND harder to recognize. Stay alert and keep your personal data and business protected.
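The checks described above can be written down as a short triage script. This is an added example, not code from the original post. The 30-day threshold, the function names, and every sample value are assumptions made up for illustration; the only real-world fact relied on is that Google's sign-in pages are served from accounts.google.com over HTTPS.

```python
from datetime import date
from urllib.parse import urlsplit

GOOGLE_SIGNIN_HOST = "accounts.google.com"  # host Google serves sign-in from


def is_google_signin_url(url: str) -> bool:
    """True only if the URL is HTTPS and its real host is Google's sign-in host."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: treat as not Google
        return False
    if parts.scheme != "https":
        return False
    # .hostname drops any "user@" prefix and port, so a URL such as
    # https://accounts.google.com@other.example/ resolves to other.example.
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact match: "accounts.google.com.other.example" must not pass.
    return host == GOOGLE_SIGNIN_HOST


def red_flags(signin_url, domain_created, first_contact, homepage_html,
              max_age_days=30):
    """Return the warning signs from the article that apply to a new 'client'."""
    flags = []
    if not is_google_signin_url(signin_url):
        flags.append("signin_page_not_google")
    # Domain registered on, or shortly before, the day of first contact.
    if (first_contact - domain_created).days < max_age_days:
        flags.append("newly_registered_domain")
    # Untouched WordPress install still showing its default content.
    if "Hello world!" in homepage_html:
        flags.append("default_wordpress_content")
    return flags


if __name__ == "__main__":
    # Constructed sample data, not taken from the incident.
    print(red_flags(
        signin_url="https://accounts.google.com.signin.example/login",
        domain_created=date(2024, 1, 15),
        first_contact=date(2024, 1, 15),
        homepage_html="<h2>Hello world!</h2><p>Welcome to WordPress.</p>",
    ))
```

The URL to check is the one in the real browser tab's address bar, since a web page can draw a fake login window showing any address it likes.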
