Since April this year, several hosting companies have revealed that their customers have received email phishing messages via an cPanel impersonator-based campaign. We have not addressed the issue to date because there were zero incidents reported to our users. Similar to this, we had a similar issue in 2016, but we didn’t issue a notice as our customers were not targets. We have however been receiving complaints from our customers over the past few days, and this has led us to release this warning.
The Deceit
The attack at hand appears to suggest that system of cPanel itself is alerting users about the excessive resource usage, which needs to be addressed. The truth is that the attackers behind this are phishing the cPanel user’s login credentials to the account of the user. They offer a link to the “customer’s convenience”, which will lead to an authentic login page. Further details on fake login pages and other methods of phishing.
cPanel has acknowledged this in a blog post from the beginning of 2021, more details on that article can be found here.
Warning
If you’ve already given the username or password through the URL provided in your email, you should change your password right away.
Here’s what the fake email appears:
The present trend is to make use of”Disk Quota, “Disk Quota” alternative, other variants with different resource quotas might begin to circulate in the near future.
Reviewing the Email What do you do?
We are aware that advanced users tend to look at the header of emails for details regarding the sender’s identity, however, knowing how to verify the legitimacy of your email is vitally important. This is even more important in the beginning stages of beginning your journey into hosting, and even the more complex elements of it.
The majority of email clients and platforms provide additional alternatives for every email that you can access using”More” or the Triple Dot, Cogwheel, and “More” buttons. After that, you can click”the “Show Original”/”View Source” option to see an “under the underneath” lookup of the actual sender of an email.
Kindly click here to know more about getting email headers.
Other indicators that you could be targeted by a phishing scam
Your cPanel username isn’t included. This is due to the fact that it’s not disclosed to the hackers unless you provide them with the username. In the body and subject of the email, you’ll find a domain name. As you can have multiple domains that are associated with the same cPanel, and since the resources are determined by the cPanel account rather than the domains, it is a sign that something isn’t right.
A hyperlink to the cPanel’s Disk Capacity Tool. There is no such tool currently available so you’re sure this is as huge of a red flag it gets.
The percentage of space used. In real cPanel emails, the amount of space used is shown in MB. Because attackers don’t be aware of your hosting plan and the amount of available space actually is and are using, they simply generalize your information using percentages.
Note
Be aware that we do not request your cPanel credentials even if the account is on our servers. This is because of the fact that our Technical team having access to all of these accounts.
In the present example Even if you’re certain that the email was delivered by cPanel we recommend logging into your cPanel account on own, not making use of any hyperlinks in that email. It is possible to login securely to your cPanel account by selecting the appropriate icon for your hosting plan within the Hostpoco client area.
At our end, we actively block IP addresses that allow these emails to be sent to our customers. Due to the ease in which this IP can be altered, we are able to limit the number of mailssent, not completely eliminate it out completely.
We can also be reached whenever you think that an email that is associated with one hosting service you use could be a scam attempt to stay sure.