We’ve identified a phishing campaign targeting WooCommerce store owners. These emails falsely claim to be from WooCommerce and alert users about critical security vulnerabilities that don’t exist.
How to identify these fake emails
The phishing emails:
- Come from suspicious domains like help@security-woocommerce.com, incident@notify-woocommerce.com, or help@support-woocommerce.com
- May use punycode domains that appear similar to legitimate WooCommerce domains (example: https://xn--woocommere-7ib.com which can display as woocommerċe.com in some browsers)
- Claim a “critical security vulnerability” was found on or around April 14, 2025
- Mention a specific store URL and claim it’s directly impacted
- Ask users to download and install a “security patch” (which is actually malware)
These emails are not from WooCommerce
WooCommerce security communications always come from official sources like WooCommerce.com or Automattic.com email addresses and direct users to an official download page or WordPress.org repository with clear documentation and verification steps.
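The sender checks described above can be automated when triaging a mailbox. This is an added example, not WooCommerce's own code: it decodes punycode labels, folds accented letters, and compares the result with the two official domains named in this post. The function names and category labels are assumptions made for illustration.

```python
import unicodedata

# Official sender domains named in this advisory.
OFFICIAL = ("woocommerce.com", "automattic.com")
BRAND = "woocommerce"

def to_unicode(domain: str) -> str:
    """Decode xn-- (punycode) labels so the displayed form can be inspected."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep an undecodable label as received
        labels.append(label)
    return ".".join(labels)

def fold(text: str) -> str:
    """Strip diacritics ('ċ' -> 'c', 'ė' -> 'e'). Accented Latin only:
    this does not map look-alike letters from other scripts."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def is_official(domain: str) -> bool:
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL)

def classify_sender(address: str) -> str:
    """Return 'official', 'homograph', 'lookalike' or 'unrelated'."""
    domain = to_unicode(address.rsplit("@", 1)[-1].strip(" <>"))
    if is_official(domain):
        return "official"
    folded = fold(domain)
    if folded != domain and is_official(folded):
        return "homograph"   # official only after accents are removed
    if BRAND in folded:
        return "lookalike"   # brand name inside a different registered domain
    return "unrelated"

if __name__ == "__main__":
    # Senders and domains quoted in this post and its comments.
    for sender in ("help@security-woocommerce.com", "xn--woocommere-7ib.com",
                   "woocommėrce.com", "support@woocommerce.com"):
        print(f"{sender:32} {classify_sender(sender)}")
```

A result of `official` describes only the domain string in the address; the From header can be forged, so the mail server's SPF, DKIM and DMARC results still need to pass.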
What to do if you receive these emails
- Do not click any links or download any files
- Do not install any plugins from these emails
- Report the domains to your email provider as phishing
Keeping your store secure
The best ways to keep your WooCommerce store secure:
- Install updates directly from your WordPress dashboard or WooCommerce.com
- Enable auto-updates for security patches
- Use strong, unique passwords and two-factor authentication
- Only install plugins from trusted sources (WordPress.org or WooCommerce.com)
We’re actively working to shut down these phishing domains. If you have concerns about your store’s security, please contact our support team through your WooCommerce.com account.
Your security is our priority.
Update: Comments now closed
Thank you to everyone who reported additional phishing domains and suspicious emails. Your vigilance has been incredibly helpful in tracking this ongoing campaign.
We’ve compiled a comprehensive list of known phishing domains from your reports and are actively working with registrars to take these sites down. The purpose of this post was to alert the community about these phishing attempts and provide guidance on how to identify them.
If you encounter any new suspicious emails claiming to be from WooCommerce, please report them directly to our support team through your WooCommerce.com account rather than commenting here.
As a reminder:
- WooCommerce will never send security patches via email attachments
- Official communications always come from WooCommerce.com or Automattic.com email addresses
- Always verify security notifications through official WooCommerce channels
Your security remains our top priority. Thank you for helping protect the WooCommerce community.
37 responses to “Dev Advisory: Phishing campaign targeting WooCommerce stores”
An additional URL has been shown to be woocommėrce.com – Note the small accent on the ‘e’ within woocommerce, as a ‘ė’.
This is a different character, and thus, a different site.
I’ve just received two of these emails, from noreply@woocommerce-monitor.com and noreply@woocommerce-updates.com
FYI: no-reply@mail-woocommerce.com is the email that was used in an attempted phishing scam for my website. The link in the email for downloading a patch was a bitly link, which I copied out of curiosity but did not visit after seeing it was a shortened link.
I received an email from no-reply@woocommerce-care.com asking me to download a plugin because of a critical security vulnerability.
Just had one from security@mail-woocommerce.com – another variation.
We received a similar email from: security@news-woocommerce.com
Thanks everyone for sharing these additional phishing domains. We’re continuing to track this campaign and have identified several more malicious domains beyond what was initially reported:
woocommėrce.com (with an accent mark on the ‘e’)
noreply@news-woocommerce.com
noreply@woocommerce-secure.com
security@mail-woocommerce.com
security@news-woocommerce.com
noreply@woocommerce-monitor.com
noreply@woocommerce-updates.com
We’re actively filing reports against these domains and working with registrars to take them down. Many of these domains were registered very recently, showing this is an active and evolving campaign.
If you spot any additional suspicious domains or emails claiming to be from WooCommerce, please continue reporting them here or directly to our support team. Your vigilance helps protect the entire WooCommerce community.
Remember: WooCommerce will never send security patches via email attachments or ask you to download files from unfamiliar domains. Always verify security communications through official WooCommerce channels.
Where do we report these phishing scams? I just received one and initially I looked it over, but noticed the weird little accent over the e and my gut said “NOPE!”
I still have it and would love to report it. Thank you!
Hi all, I got one today from security@support-woocommerce.com
Thanks for this! Got one today from no-reply@mailer-woocommerce.com
Hi,
Just got one today from support@woocommerce-scan.com.
Another site seems to be wooċommerce.com. Please also keep an eye out for this one!
One of our clients got one yesterday
From: Woo no-reply@woocommerce-shield.com
Hi, got this from Woo support@woocommerce-secure.com
Just received an email from the domain “woocommerce-safety.com”
no-reply@woocommerce-alert.com
I just received this email… and clicked it… thinking it was a 100% legit…
I got this one this morning.
no-reply@woocommerce-verify.com
I got this one: no-reply@woocommerce-info.com
I would also add http://woocommerce-updates.com/
I got this one: noreply@woocommerce-verify.com
support@woocommerce-alert.com is definitely a fake email.
I got this one: security-team@noreply-woocommerce.com
Got that one: security-team@woocommerce-safety.com
We got this one: security-team@help-woocommerce.com
I just had one from security-team@woocommerce-info.com
Just got one from security-team@support-woocommerce.com
Is support@woocommerce.com legit? They are asking for more information on my account to continue to receive payments.
Marie,
WooCommerce.com is indeed our domain, so emails originating from there should be legit.
However, I searched our support system and could not find any existing support requests from you (which I should be able to see if you’ve already been in communication with us).
If you’re in any doubt at all, contacting us via the support form is the best way to be sure you’re talking to our staff. 🙂
https://woocommerce.com/my-account/contact-support/
Thanks!
I received one from mail-woocommerce.com, pointing to the domain woocommerċe.com.
Here is another email address (received today)
no-reply@woocommerce-client.com
I got one from no-reply@admin-woocommerce.com
I got today 5/5/2025 at 16h04: no-reply@news-woocommerce.com
Hi
Just to add to the list I received an email from:
no-reply@support-woocommerce.com
stating a critical vulnerability was detected on my website and to download the patch (which I didn’t).
Thx
no-reply@woocommerce-client.com
Here’s another one if you don’t have it.
Hi, received an email today from no-reply@woocommerce-sec.com “We are contacting you about a critical security vulnerability reported in the WooCommerce platform on April 28, 2025”
I’m up to date anyways
Got this mail today from woocommerce-sec.com
Just got one from woocommerce-mailer.com