WordPress Hacked Themes – Pre-hacked Themes, WordPress Theme Hacked At The Factory

Author: AITpro Admin
Published: January 31, 2011
Updated: January 31, 2011

Recently I was helping a new BulletProof Security user track down what appeared to be the second successful hack of BulletProof Security in 10 months.  Turns out the WordPress Theme was what I like to refer to as a “WordPress Theme hacked at the factory”.  Meaning yes you just downloaded and installed a WordPress Theme that is already coded to do something you don’t want it to do, with some nasty code that you had no idea was already in the WordPress Theme - pre-hacked right out of the box.  Now you could legitimately argue that if these links come with the WordPress Theme then they are part of the Theme design itself and well then technically it isn’t a hacked WordPress Theme at all.  The thing that cancels out any legitimacy for these pre-hacked WordPress Themes is that if you remove the links they will just come back again tomorrow because that is the way the coding is designed in these pre-hacked WordPress Themes.

In this particular case the WordPress Theme was displaying a link at the top of the page going to one of those obnoxious viagra-like sites.  I was curious about where the WordPress Theme came from so working with the owner of the website we did some back tracking.  The owner of the website (may or may not want to remain anonymous – have not asked for permission to share his name yet) discovered a very nasty picture.  Several mirrored websites with thousands of pre-hacked WordPress Themes ready to be downloaded by unsuspecting victims.

I can’t say with 100% certainty that this is 100% intentional, but all the evidence puts me at around 99.99% sure that these sites are intentionally offering pre-hacked WordPress Themes to unsuspecting victims.

BulletProof Security is not capable of stopping your website from being hacked if it is designed pre-hacked.  Meaning the Theme is already hacked right out of the box.  So BulletProof Security is not detecting an external threat because the hack is already built into the Theme itself.

There are too many WordPress Theme names to list since there appear to be thousands of them on these mirrored websites that are pre-hacked.  So be forewarned that if you downloaded a WordPress Theme from these websites you are probably downloading and installing a pre-hacked WordPress Theme with coding already in it that you do not want.  Unless of course you don’t mind having Viagra and other obnoxious spammy links on your website.  LOL

wpblogskins.com
wordpresstemplates.com
wordpressthemes2.com

These are just 3 of the mirrored sites and there appear to be many more.  The smarter approach is to check your WordPress Theme for the following things:

filenames:  theme_licence.php and start_template.php (which can be easily changed to something else again)

Check your WordPress Theme header.php file and sidebar.php files.  If you see code like this in these files then you have a pre-hacked WordPress Theme.

require_once("theme_licence.php"); eval(base64_decode($f1)); bloginfo('html_type'); 
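The checks above can be run over a whole theme directory at once. The scanner below is an added example, not code from BulletProof Security or the original post; its function names and the sample theme it builds are constructed for illustration, and because the filenames can be changed it matches the code patterns in every .php file, not only header.php and sidebar.php.

```python
import re
import tempfile
from pathlib import Path

# Filenames named in the article; the author notes these are easily renamed,
# so on their own they are a weak indicator.
SUSPECT_NAMES = {"theme_licence.php", "start_template.php"}

# Code patterns from the article: an include of the loader file, and
# eval() applied directly to base64-decoded data.
PATTERNS = {
    "includes suspect file": re.compile(
        r"(?:require|include)(?:_once)?\s*\(?\s*['\"][^'\"]*"
        r"(?:theme_licence|start_template)\.php['\"]", re.I),
    "eval(base64_decode(...))": re.compile(
        r"eval\s*\(\s*base64_decode\s*\(", re.I),
}

def scan_theme(theme_dir):
    """Return sorted (relative_path, reason) findings for one theme directory."""
    root = Path(theme_dir)
    findings = []
    for path in root.rglob("*.php"):
        rel = path.relative_to(root).as_posix()
        if path.name.lower() in SUSPECT_NAMES:
            findings.append((rel, "suspect filename"))
        text = path.read_text(encoding="utf-8", errors="replace")
        for reason, rx in PATTERNS.items():
            if rx.search(text):
                findings.append((rel, reason))
    return sorted(findings)

def build_sample_theme(root):
    """Write a constructed sample theme (not a real one) for the demo."""
    root = Path(root)
    (root / "header.php").write_text(
        '<?php require_once("theme_licence.php"); ?>\n<html>\n')
    # Constructed, harmless payload: the base64 string decodes to "echo '';"
    (root / "theme_licence.php").write_text(
        '<?php $f1 = "ZWNobyAnJzs="; eval(base64_decode($f1)); ?>\n')
    (root / "index.php").write_text(
        "<?php get_header(); bloginfo('html_type'); ?>\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_theme(build_sample_theme(tmp)):
            print(f"{rel}: {reason}")
```

Point scan_theme() at each directory under wp-content/themes; a match is a reason to read the file by hand, not proof that the theme is pre-hacked.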

A note of caution:  If you are downloading a Free WordPress Theme from an individual website as opposed to downloading a Free WordPress Theme from WordPress.org you want to make sure that you check the Theme’s code for any suspicious coding.  When anyone submits a Free Theme to WordPress it is checked and approved by the WordPress folks before it is allowed to be listed in their Theme directory.  The same applies for Free WordPress Plugins – the coding is checked and approved by WordPress before they will list the plugin in their directory.

At some point BulletProof Security will include simple Alerting that will detect whether or not you have a pre-hacked WordPress Theme.


Video / Audio Recordings

The Mystery Shopper Western Union counterfeit check scam has been around for many years and is recently on the rise again.  There are many variations on this particular type of criminal scam.  The typical formula for the Mystery Shopper scammers is to send you a letter in the mail informing you that you have been selected as a Mystery Shopper candidate to evaluate Western Union’s customer service level.  Counterfeit checks, bad checks, fake checks or forged checks are also included in the letter.  Your Mystery Shopper “job” is to cash those counterfeit checks, bad checks, faked checks or forged checks and send the majority of the money / cash through the Western Union money transfer / transaction system under the fake job assignment of evaluating Western Union as service providers.  Your payment for this fake Mystery Shopper assignment scam is that you get to keep the remaining amount of the counterfeit check, bad check, fake check or forged check that you cashed.  Besides being ripped off by these criminal scams, cashing counterfeit checks, bad checks, fake checks or forged checks can get you arrested and even convicted of a felony.

I recently received a letter in the mail notifying me that I had been selected as a Mystery Shopper candidate.  The letter informed me that I would pose as a potential customer sending a Western Union payment as a Mystery Shopper to evaluate Western Union’s services.  The Mystery Shopper scammers request that you contact them immediately upon receipt of the letter so that you can speak with an assignment co-ordinator and validate or activate the enclosed check.  Instead of destroying the counterfeit checks from this scam I decided to expose these particular criminals and put them out of business for good hopefully.  These particular Mystery Shopper scam criminals were operating out of Ontario, Canada, specifically in the Toronto, Ontario and London, Ontario areas.

I legally recorded a series of 4 conversations with these Mystery Shopper counterfeit check scamming criminals on my business telephone knowing full well that I was talking to check counterfeiting criminals who were trying to involve me in a crime and of course steal money.  There were actually 5 recorded conversations, but I cannot use the first conversation for legal reasons.  The first conversation is not that interesting anyway.  The criminals are sizing me up and assessing how suspicious I am.  The 4 recorded conversations are split into two parts so that they could be shared on YouTube.

I want to sincerely thank the London, Ontario Police department for their assistance in catching these criminals.

* No information has been provided or disclosed about how to successfully track and catch these criminals.  If you are a check counterfeiting criminal you are wasting your time by watching these recordings.

Mystery Shopper Scam Exposed – Criminals Busted (1 of 2)

Mystery Shopper Scam Exposed – Criminals Busted (2 of 2)
