Phishing emails

We recently received word that phishers have been sending out emails in Yoast’s name asking to grant access to people’s WordPress installation. These are phishing emails and were not sent by any Yoast employee.

How to recognize a phishing email?

The best way to recognize a phishing email is because of its unusual request. Yoast would never reach out to you -out of the blue- offering to update your website for you. Simply because we don’t have the manpower to update over 6 million websites.

Also, Yoast would never ask you to create an admin account for an email address that doesn’t end with @yoast.com.

One of our very observant customers forwarded the following email to us:

Hi [name],

We are contacting you regarding your WordPress website [website]. This domain is currently optimized with our Yoast SEO plugin v3.3.4 for WP.

A security issue, avoiding the plugin to correctly rank your site, has been detected and we are running some major security updates.

This is a painless procedure. One of our dedicated team expert can handle this for you without having to go offline for a single minute.

We don’t need any FTP access, we will use the plugin editor directly on your website.

In order to get this done, please create an admin account for us. You can revoke this access when the job will be completed (should not take longer than 15 minutes)

Here is how to do it :

If you’re an Administrator and you’d like to create a new user on your site, go to Users → Add New.

Fill in the username field with: YOAST
Password : [randompassword]
Email of our support specialist : yoastdevwordpress.peter@gmail.com

Then, check the box “Send this password to the new user by email” and select administrator role.

Our support specialist will get the password in the email with instruction on how to log in. Please tell us what email you would like us to use to notify you once the update will be done. If you do not specify one, we will email : [your email address]

Thank you for your help,

[Name],
[Position]
[link-to-employee-about-page]

© 2003-2017 Yoast BV Yoast is a trademark of Yoast BV

What to do if I don’t trust an email I received from Yoast?

If you think you may have received a phishing email, do not click any links in the email nor comply with the requests done in the email.
Instead, forward the email to support@yoast.com. Our support team will help you determine if the email is legitimate.