{"id":14677,"date":"2026-07-02T07:04:02","date_gmt":"2026-07-02T07:04:02","guid":{"rendered":"https:\/\/wpm.si\/?p=14677"},"modified":"2026-07-02T07:04:02","modified_gmt":"2026-07-02T07:04:02","slug":"fake-wpm-ceo-email-spoofing-scam","status":"publish","type":"post","link":"https:\/\/wpm.si\/en\/maintenance-and-support\/fake-wpm-ceo-email-spoofing-scam\/","title":{"rendered":"Fake WPM CEO Email Scam: How to Spot Spoofing Attempts"},"content":{"rendered":"<p><strong>This week, we experienced a real email spoofing attempt involving our own CEO.<\/strong> Someone tried to scam one of our clients by copying his photo, his signature, our logo, and even our brand colors \u2014 the only thing they got wrong was the email address. We&#8217;re sharing exactly what happened, because if it can happen to us, it can happen to anyone in our industry, and to any of our clients.<\/p>\n<p><strong>This is an awareness post, not a sales post.<\/strong> No links to book a call, no package pricing. Just what we saw, why spoofing matters, and how to protect yourself.<\/p>\n<h2>What Happened<\/h2>\n<p>On July 2, an email landed in a client&#8217;s inbox that looked, at first glance, completely legitimate. It appeared to come from our CEO, <strong>Jurij Oblak<\/strong>, and included:<\/p>\n<ul>\n<li>His real name, title, and profile photo<\/li>\n<li>The WPM logo and brand colors<\/li>\n<li>A full signature block with (fake) contact details<\/li>\n<li>A subject line designed to create urgency: <strong>&#8220;WordPress Website Maintenance &amp; Renewal Notice (Action Required Before July 15)&#8221;<\/strong><\/li>\n<\/ul>\n<p>The email claimed that plugins, themes, and licenses on the client&#8217;s website were about to expire, and that <strong>immediate payment of $850<\/strong> was required to avoid security risks and downtime. It asked the client to approve the charge so an &#8220;invoice&#8221; could be issued right away.<\/p>\n<p><strong>Everything about it was designed to look official \u2014 except the sender&#8217;s actual email address.<\/strong> The message came from a free Gmail account made to resemble a WPM address, not from our real domain.<\/p>\n<h2>Why This Should Concern Every Business, Not Just Ours<\/h2>\n<p>This wasn&#8217;t a lazy, typo-filled scam email. Whoever built it took the time to pull a real photo, replicate a real signature, and match real branding. <strong>That level of effort is becoming normal, not rare.<\/strong> Any company with a public-facing team \u2014 a CEO, an account manager, a support contact \u2014 is a target for this kind of impersonation. Your vendors, your agency, your own leadership can all be spoofed the same way.<\/p>\n<h2>How to Recognize a Spoofed Email Like This One<\/h2>\n<p>A few checks would have caught this one immediately, and they&#8217;ll catch most others too:<\/p>\n<ul>\n<li><strong>Check the actual sender address<\/strong>, not just the display name. A name can say &#8220;Jurij Oblak&#8221; while the address behind it is a random Gmail account.<\/li>\n<li><strong>Be suspicious of urgency and deadlines<\/strong> \u2014 &#8220;action required before July 15&#8221; is designed to make you act before you think.<\/li>\n<li><strong>Be wary of unexpected payment requests<\/strong>, especially ones asking you to simply &#8220;approve&#8221; a charge by reply.<\/li>\n<li><strong>Hover over links and check reply-to addresses<\/strong> before clicking or responding.<\/li>\n<li><strong>When in doubt, contact the person directly<\/strong> through a channel you already trust \u2014 not by replying to the email itself.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14678\" src=\"https:\/\/wpm.si\/wp-content\/uploads\/2026\/07\/wpm_spoof_waning.png\" alt=\"\" width=\"1910\" height=\"1645\" srcset=\"https:\/\/wpm.si\/wp-content\/uploads\/2026\/07\/wpm_spoof_waning.png 1910w, https:\/\/wpm.si\/wp-content\/uploads\/2026\/07\/wpm_spoof_waning-464x400.png 464w, https:\/\/wpm.si\/wp-content\/uploads\/2026\/07\/wpm_spoof_waning-929x800.png 929w, https:\/\/wpm.si\/wp-content\/uploads\/2026\/07\/wpm_spoof_waning-768x661.png 768w, https:\/\/wpm.si\/wp-content\/uploads\/2026\/07\/wpm_spoof_waning-1536x1323.png 1536w\" sizes=\"auto, (max-width: 1910px) 100vw, 1910px\" \/><\/p>\n<h2>All Genuine WPM Emails Come From @wpm.si<\/h2>\n<p>To make this simple: <strong>every legitimate email from our team comes from an @wpm.si address.<\/strong> If you ever receive a message claiming to be from WPM or a member of our team from a Gmail, Outlook, or any other free email provider, treat it as suspicious and reach out to us directly to confirm before taking any action or making any payment.<\/p>\n<h2>How to Report a Phishing Email in Gmail<\/h2>\n<p>If you receive a spoofed email like this one, reporting it helps improve spam filters for everyone. In Gmail, open the message, click the <strong>More<\/strong> (three-dot) icon next to Reply, and select <a href=\"https:\/\/support.google.com\/mail\/contact\/abuse?visit_id=639185720530129918-669605168&amp;rd=1\" target=\"_blank\" rel=\"noopener\"><strong>Report phishing<\/strong><\/a>. This sends a copy of the email directly to Google&#8217;s security team for review.<\/p>\n<h2>What We&#8217;re Doing About It<\/h2>\n<p>We&#8217;ve reported the email to Google, flagged it internally across our team, and we&#8217;re sending this notice directly to our clients and partners so everyone knows what to watch for. <strong>We take this seriously, because trust is the foundation of every project we work on.<\/strong><\/p>\n<p><strong>If you ever receive an email that claims to be from WPM and something feels off, don&#8217;t act on it \u2014 contact us directly to verify first.<\/strong> A quick check takes a minute. Cleaning up after a scam takes a lot longer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This week, someone impersonated WPM\u2019s CEO in a fake renewal email sent to one of our clients. Here\u2019s exactly what happened, what made it convincing, and how to protect yourself from similar phishing attempts.<\/p>\n","protected":false},"author":1,"featured_media":14680,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[],"class_list":["post-14677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-maintenance-and-support"],"_links":{"self":[{"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/posts\/14677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/comments?post=14677"}],"version-history":[{"count":2,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/posts\/14677\/revisions"}],"predecessor-version":[{"id":14683,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/posts\/14677\/revisions\/14683"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/media\/14680"}],"wp:attachment":[{"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/media?parent=14677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/categories?post=14677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpm.si\/en\/wp-json\/wp\/v2\/tags?post=14677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}