The folks at WPMU staged a sting operation last week, the likes of which would fit right in if run by Batman himself. You know, minus the cowl. And the danger. And if the Dark Knight operated entirely via email.
Okay, let’s try this again.
Last week one attentive WPMU subscriber, Brian Dooley, received an email (pictured below), that sounded a little fishy – possibly even a little phishy. He alerted the WPMU team about it, and together they set up a sting operation. The goal was to find out what exactly the impostor was trying to achieve.
In the fishy email the sender pretended to be Aaron Edwards, Lead Developer at WPMU. He stated that there was an exploit in the BuddyPress Group Calendar plugin and was requesting that Brian send the plugin to them so they could fix the exploit. But no exploit exists, and WPMU’s concern was that the intent was to insert malicious code into the theme and send it back so that user information could be collected.
For the sting, they created a special version of the plugin that would email them information about the impostor once they installed and activated the plugin. To rule out the idea that it was to collect user information, they sent an old version back. The impostor responded, still in “team member mode”, asking for the most up-to-date version. This is when they sent the special version. After installing the plugin he received, he went so far as to file a complaint about it not working with WPMU, using a fake name of course, and requested a working version.
It worked. Shortly after sending it, they received an email with information about the impostor. They’re currently pursuing legal actions against him. As such, they haven’t released his name. There are more details available on the WPMU.org blog.
Have you ever received anything like the email Brian received? How did you handle it? Tell us below in the comments.