Monday, October 22, 2012

Cybercriminals Use cPanel Spam to Phish for Website FTP Credentials

Pop quiz!

Let’s say that you get an email saying that your cPanel account may have been compromised and you need to sign into your FTP account to initiate a “security check” on it.

The email says it’s from “cPanel Inc,” has the cPanel logo, has a link that leads you to believe it points to the cPanel website, and warns that your domain may be suspended if you fail to respond within 2 business days.

Check it out:

cPanel Phishing Email
Screenshot Credit: Barracuda Labs

From: cPanel Inc
Subject: Your Messages


cPanel Message Center

Dear Customer

Due to our security upgrade to avoid multiple login and an unauthorized access to your online cPanel and FTP account we do require you to sign in your domain name and username and password for security check on your account and afterward we shall send a security code to your email as part of confirmation that your domain has now been properly verified and secured.

To process to confirm and verify your domain for this security check please click
Failure to confirm your domain within 2 business days may lead to suspension of your domain if we observe any unauthorized login and may lead to total removal of the domain name from our system.

Cpanel Management

Now, should you:

  A. Follow the instructions, click the embedded link and log in to your account.

  B. Open a browser window, manually access your website control panel and check for any security alerts.

If your answer was “A” then I have some bad news: you just fell for a phishing scam. Now would be a good time to change your website credentials, if you’re still able to.

What happened?

The link provided in the email leads to a (compromised) third-party website hosting a fake cPanel login page. Any credentials supplied will be sent off to the cybercriminals, and they can use that information to hijack your website and set up drive-by-downloads, phishing pages or whatever else their little black hearts desire.

It is important to note that if something suspicious was going on with your account, you’d likely get an email from your web hosting company, not cPanel.

That being said, if you happen to receive an email like the one shown above, be sure to mouse over any links to check the destination URL first, or skip any possibility of following a malicious link by manually typing in the web address you want to visit instead.

[via Barracuda Labs]
